<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Security Incidents: R: correlation between porscans and local activity

R: correlation between porscans and local activity

From: Raistlin <raist_at_CTRADE.IT>
Date: Tue, 4 Jan 2000 16:26:34 +0100

> There now appears to be some coincidence between the times my family
> does web browsing and when I get scanned for port 1080.

Someone is probably trying to understand wether or not your is an open SOCKS
firewall they can use. I could bet these scans occur during IRC sessions
from one of your windows boxes (check if in the logs you have outgoing
traffic towards a 666X port).

Scanning IPs on IRC channels to check for open SOCKS it's a rather common
thing hackers-wanna-be love to do, since it leads to huge lists of addresses
they can trade, share and sell to other script kiddies around.

Just my bit of info,
Raist
Received on Jan 05 2000

This message: [ Message body ]
Next message: Scott Laws: "Re: port 119"
Previous message: Michael Damm: "Scanners using netcraft?"
In reply to: Thomas Molina: "correlation between porscans and local activity"
Next in thread: Michael Babcock: "Re: R: correlation between porscans and local activity"
Reply: Michael Babcock: "Re: R: correlation between porscans and local activity"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos