Re: Hacker activity?

From: Edward W. Ray (ewray_home_at_mmicman.com)
Date: 05/04/03 

Date: Sun, 4 May 2003 14:12:01 -0700

John:

It looks like an attempt to find an open proxy server. TCP port 6588 is
used by the AnalogX Proxy server, TCP port 1080 is used by SOCKS.

If your firewall is blocking it, you probably have nothing to worry about

Make sure none of your machines are running these servers openly to the
internet.

I use squid (TCP port 3128), but make sure to do ingress blocking of port
3128.

Regards.

Edward W. Ray
GCIA

"John P." <nospam@all.com> wrote in message
news:eJfp4idEDHA.3064@TK2MSFTNGP11.phx.gbl...
> Hi,
>
> I'm not sure if this is the right place to post this kind of request,
please
> ignore it in case it is.
>
> For the past few days the firewall constantly reports hits from a certain
> address, over times I came to 'recognize' the IP address as being the same
> all over again and then I started loging the incidents, here are a couple:
>
> What are this attempts and how do I take measures to let the persons at
the
> other end do something about it? It's kind of irritating.
>
> Thanks,
> John
>
> (My IP is the one that starts with 66.214...)
>
> FWIN,2003/05/03,15:46:58 -7:00
> GMT,217.21.115.10:1272,66.214.129.154:1080,TCP (flags:S)
> FWIN,2003/05/03,15:47:12 -7:00
> GMT,217.21.115.10:1273,66.214.129.154:6588,TCP (flags:S)
> FWIN,2003/05/02,22:28:24 -7:00
> GMT,217.21.115.10:1063,66.214.129.154:1080,TCP (flags:S)
> FWIN,2003/05/02,22:28:36 -7:00
> GMT,217.21.115.10:1064,66.214.129.154:6588,TCP (flags:S)
> FWIN,2003/04/21,13:02:30 -7:00
> GMT,217.21.115.10:1172,66.214.129.154:1080,TCP (flags:S)
> FWIN,2003/04/21,13:02:44 -7:00
> GMT,217.21.115.10:1173,66.214.129.154:6588,TCP (flags:S)
> FWIN,2003/04/21,13:04:30 -7:00
GMT,217.21.115.9:1992,66.214.129.154:1080,TCP
> (flags:S)
> FWIN,2003/04/21,13:04:44 -7:00
GMT,217.21.115.9:1993,66.214.129.154:6588,TCP
> (flags:S)FWIN,2003/04/21,22:17:56 -7:00
> GMT,217.21.115.8:1902,66.214.129.154:1080,TCP (flags:S)
> FWIN,2003/04/21,22:18:10 -7:00
GMT,217.21.115.8:1903,66.214.129.154:6588,TCP
> (flags:S)FWIN,2003/04/26,18:17:30 -7:00
> GMT,217.21.115.6:1101,66.214.129.154:1080,TCP (flags:S)
> FWIN,2003/04/26,18:17:44 -7:00
GMT,217.21.115.6:1102,66.214.129.154:6588,TCP
> (flags:S)
> FWIN,2003/04/26,18:28:58 -7:00
GMT,217.21.115.9:1187,66.214.129.154:1080,TCP
> (flags:S)
> FWIN,2003/04/26,18:29:12 -7:00
GMT,217.21.115.9:1188,66.214.129.154:6588,TCP
> (flags:S)
> FWIN,2003/04/26,22:14:38 -7:00
GMT,217.21.115.8:1462,66.214.129.154:1080,TCP
> (flags:S)
> FWIN,2003/04/26,22:14:50 -7:00
GMT,217.21.115.8:1463,66.214.129.154:6588,TCP
> (flags:S)
> FWIN,2003/04/27,11:43:14 -7:00
GMT,217.21.115.6:1687,66.214.129.154:1080,TCP
> (flags:S)
> FWIN,2003/04/27,11:43:28 -7:00
GMT,217.21.115.6:1688,66.214.129.154:6588,TCP
> (flags:S)
> FWIN,2003/04/27,11:53:24 -7:00
GMT,217.21.115.9:1385,66.214.129.154:1080,TCP
> (flags:S)
> FWIN,2003/04/27,11:53:38 -7:00
GMT,217.21.115.9:1386,66.214.129.154:6588,TCP
> (flags:S)
>
>

Relevant Pages

  • Re: How do I use a proxy with Outlook epress Newsgroups posts?
    ... It will still emanate from your WAN address. ... You need to find a Proxy Server Service on the Internet that supports TCP port 119. ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: need help on port
    ... While TCP port 8080 could be used for anything, ... with a proxy server. ... SubSeven (Sub7), etc. ... All of which are "Threats to Your Security on the ...
    (comp.security.firewalls)
  • Re: Access to home PC while travelling
    ... I now have remote access operating and ... >>I am using Norton Internet Security personal firewall. ... Where do I find out whether TCP Port 3389 is ...
    (microsoft.public.windowsxp.work_remotely)