Thomas Molina <tmolina_at_HOME.COM> writes:
> The interesting thing to me is the change in pattern I've seen. Port
> scans for port 1080 at my location are quite common. I've got logs back
> 90 days; Through the end of December I only see one scan for port 119.
> I've seen three separate incidents since the 1st of January.
There is active scanning for open servers going on at present; you can see
some of the traffic in the newsgroup free.hipcrime if you have a server
that carries it. Most of it is due to an ex-spammer turned vandal who's
distributing automated cancel bots that use open news servers in an
attempt to destroy as much of Usenet as he can because people won't let
him abuse it. Most of the people who are using them are similarly
large-scale spammers, some of whom are on the run from the law.
--
Russ Allbery (rra@stanford.edu) <URL:http://www.eyrie.org/~eagle/>
Received on Jan 06 2000
Intro
