Security Incidents mailing list archives
Re: Undernet/telnet attempts?
From: jlevy () IMNEVERWRONG COM (Jonathan Levy)
Date: Mon, 21 Feb 2000 20:01:48 -0500
IIRC Undernet doesn't check for eggdrops (on some servers they are allowed). Taken from http://help.undernet.org/proxyscan/proxyadmin.html: "The Undernet.org IRC network is now checking all users who attempt to connect to our private network for insecure, exploitable Socks Proxy (4/5) and Wingate servers. This check is only done after a user attempts to establish a connection to an Undernet.org IRC server." if you do a /stats g on an Undernet server you'd notice a whole lot of people "g-lined" for Wingate/proxy abuse. What you are getting are attempts on ports 23 and 1080 (telnet and socks firewall). To my knowledge these don't seem too harmful, although I could see someone 'spoofing' (as have been problems years ago on the Undernet) and having some sort of code that would make the server think that someone is trying to connect a whole lot... maybe that annoying throttle thing would stop that. Hope this helps... -jonathan levy / equalize -----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of SecOrg Sent: Friday, February 18, 2000 7:51 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Undernet/telnet attempts? I have gotten a number of telnet attempts/scans on my server from undernet IRC hosts. A couple of the hosts were dallas-r.tx.us.undernet.org ProxyScan.MD.US.Undernet.Org As the name implies, I am guessing they are scanning wingates/proxies, etc for security/eggdrop reasons. Does anyone know if they scan all incoming connections for telnet(wingate) ports? And if so, why they would try to connect to it afterwards? Maybe some kind of fingerprinting technique that would find out if it is a open wingate? Thank you, Randy McClelland-Bane @Harborside Technical Support 1-800-680-8855
Current thread:
- Re: MASSIVE ssh attack attempt, (continued)
- Re: MASSIVE ssh attack attempt Omachonu Ogali (Feb 16)
- Re: MASSIVE ssh attack attempt Jose Nazario (Feb 17)
- Re: MASSIVE ssh attack attempt Brendan Grieve (Feb 17)
- Re: MASSIVE ssh attack attempt Robert Lau (Feb 16)
- Re: MASSIVE ssh attack attempt David A. Bandel (Feb 17)
- Re: MASSIVE ssh attack attempt Robert Lau (Feb 17)
- Re: MASSIVE ssh attack attempt Filip M. Gieszczykiewicz (Feb 17)
- Re: MASSIVE ssh attack attempt Robert Graham (Feb 18)
- Undernet/telnet attempts? SecOrg (Feb 18)
- Re: Undernet/telnet attempts? Opus (Feb 21)
- Re: Undernet/telnet attempts? Jonathan Levy (Feb 21)
- Re: Undernet/telnet attempts? Tibor, Mike (Feb 22)
- Re: Undernet/telnet attempts? Brendan Grieve (Feb 22)
- Re: MASSIVE ssh attack attempt Omachonu Ogali (Feb 16)
