Shawn, I've seen this on certain IRC servers. They scan to see if you are using "secure" proxy software. I don't know exactly what they have put in the packets to test if your proxy is "secure." Couldn't find anything from undernet in their MOTD, but here's an example below. <snip from irc.webmaster.com> /motd ωνω - ATTENTION!: ωνω - Your connection will be scanned on port 1080. ωνω - The scanning does not do anything to your system, it only determines if ωνω - you are using a proxy, and if its insecure. If it's insecure you will not be ωνω - able to connect back to the network using the proxy or wingate ωνω - server you used to first log on. You will have to connect with your own ωνω - internet connection. </snippet> -dave On Fri, Nov 30, 2001 at 10:14:27AM -0500, Grimes, Shawn (NIA/IRP) wrote: > I notice in my snort logs that I have a box: > 193.109.122.5 (proxyscan.undernet.org) > > That is connecting to some of our dial-up hosts and performing FYN scans on > 1080 & 8080 (proxies). > > Has anyone else seen similar activity? > > Thank You, > Shawn Grimes > Computer Specialist > NCTS - Gerontology Research Center > 410-558-8007 > grimesshat_private > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Dec 01 2001 - 13:22:09 PST