Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: Strange Scan

Re: Strange Scan

From: TJ Jablonowski <t.jablonowski_at_MAIL-2-GO.COM>
Date: Sun, 17 Dec 2000 17:29:16 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm not with s3.com, this is on a totally different domain (connected
via cable modem). Just one hit, no other login attempts as of this
evening, no other signs of scanning/infiltration. Just a SynFin scan
yesterday evening on port 27665 TCP. Have to agree with some other
people that have responded that was a mis-configured open proxy scan.

- ----- Original Message -----
From: "Mark Collins" <me_at_THISISNURGLE.ORG.UK>
To: <INCIDENTS_at_SECURITYFOCUS.COM>
Sent: Sunday, December 17, 2000 12:59
Subject: Re: Strange Scan

> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Found this one in some logs today. Ftp server running on port 21
> *snip*
>
> That looks ike someone trying to connect to an FTP server from a
> web browser, but forgetting a few things. I.E.. they typed this in
> the url box:
>
> http://www.s3.com:21/
>
> Do you run an FTP server on that address, or something like it?
>
> IMHO, this is just idiocy on the end users part, and nothing to
> worry about.
>
> The Imfamous Mark 'Nurgle' Collins
> Lead Author - 'Linux Game Programming'

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBOj0+OW+7g8loOAk5EQJQqQCgycYVohvXF3Mzj3VK1IEUmzlz2Q0AniNW
3YdlQcwUs5wQl/PidR/Ryna6
=58/W
-----END PGP SIGNATURE-----
Received on Dec 18 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos