It may or may not be the same people - as someone said before, the most likely reason for these scans is proxies to send spam from. I hardly would imagine that there is only one group of people performing this type of scanning. I see this type of scanning in fairly large numbers, even on my /26 at home - some of my clients' networks are seeing even more. The main reason proxyprotector.com was fairly interesting was because of the volume (they were hitting networks 6 or 7 times in a day, which seems rather pointless), and because of the claimed legitimacy.

>
> And now, I'm seeing this in the snort summaries....
>
> 1 65.106.233.2 SCAN Proxy (8080) attempt
> 1 65.106.233.2 SCAN SOCKS Proxy attempt
> 1 65.106.233.2 SCAN Squid Proxy attempt
>
> Two days in a row -- same pattern, same scans, from the same IP. Resolves
> to 65.106.233.2.ptr.us.xo.net, so they're keeping quiet (or running the
> scans from the home dsl line....)
>
> Mail to abuseat_private on the way.
>

--
Regards,
Mark Ng
(www.informationintelligence.net)
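The repeat pattern in the quoted snort summary (one source, several proxy signatures, on consecutive days) can be picked out mechanically. The following is an added example, not part of the original post: it assumes daily summaries in the quoted `count IP signature` layout, and the addresses, dates and function names are constructed for illustration.

```python
import re
from collections import defaultdict
# Summary line layout as quoted in the post: "<count> <source IP> <signature>"
LINE = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(.+?)\s*$")
# Proxy-probe signatures of the kind shown in the post
PROXY_SIG = re.compile(r"^SCAN\s+(.*Proxy.*?)\s+attempt$", re.IGNORECASE)

# Constructed sample data (documentation addresses, made-up dates)
DAILY_SUMMARIES = {
    "2003-05-25": """\
1 192.0.2.10 SCAN Proxy (8080) attempt
1 192.0.2.10 SCAN SOCKS Proxy attempt
1 192.0.2.10 SCAN Squid Proxy attempt
3 198.51.100.7 SCAN SOCKS Proxy attempt
""",
    "2003-05-26": """\
1 192.0.2.10 SCAN Proxy (8080) attempt
1 192.0.2.10 SCAN SOCKS Proxy attempt
1 192.0.2.10 SCAN Squid Proxy attempt
2 203.0.113.5 ICMP PING NMAP
""",
}

def parse_summary(text):
    """Yield (count, ip, proxy_kind) for each proxy-scan line; skip the rest."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        sig = PROXY_SIG.match(m.group(3))
        if sig:
            yield int(m.group(1)), m.group(2), sig.group(1)

def repeat_proxy_scanners(daily, min_days=2, min_kinds=2):
    """Sources probing >= min_kinds proxy types on each of >= min_days days."""
    per_ip = defaultdict(lambda: defaultdict(dict))  # ip -> day -> kind -> count
    for day, text in daily.items():
        for count, ip, kind in parse_summary(text):
            per_ip[ip][day][kind] = per_ip[ip][day].get(kind, 0) + count
    report = {}
    for ip, days in per_ip.items():
        busy = sorted(d for d, kinds in days.items() if len(kinds) >= min_kinds)
        if len(busy) >= min_days:
            kinds = sorted({k for d in busy for k in days[d]})
            hits = sum(sum(days[d].values()) for d in busy)
            report[ip] = {"days": busy, "kinds": kinds, "hits": hits}
    return report

print(repeat_proxy_scanners(DAILY_SUMMARIES))
```

A source that sweeps several proxy ports day after day is reported with its days, probe types and hit count; a source seen once with a single signature is left out.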
This archive was generated by hypermail 2b30 : Tue May 27 2003 - 09:00:45 PDT