Hi, There's an article in the newest 2600 mag describing how to do an anonymous port scan using numerous public proxy servers. Thus avoiding detection by an IDS (guess it didn't work too well). I bet that this is where the traffic is coming from. -Rich -----Original Message----- From: Grimes, Shawn (NIA/IRP) [mailto:GrimesShat_private] Sent: Friday, November 30, 2001 9:14 AM To: incidentsat_private Subject: Proxy Scans to dail up hosts... I notice in my snort logs that I have a box: 193.109.122.5 (proxyscan.undernet.org) That is connecting to some of our dial-up hosts and performing FYN scans on 1080 & 8080 (proxies). Has anyone else seen similar activity? Thank You, Shawn Grimes Computer Specialist NCTS - Gerontology Research Center 410-558-8007 grimesshat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Dec 01 2001 - 13:50:30 PST