Security Incidents mailing list archives
Re: Strange Scan
From: TJ Jablonowski <t.jablonowski () MAIL-2-GO COM>
Date: Sun, 17 Dec 2000 17:29:16 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm not with s3.com, this is on a totally different domain (connected via cable modem). Just one hit, no other login attempts as of this evening, no other signs of scanning/infiltration. Just a SynFin scan yesterday evening on port 27665 TCP. Have to agree with some other people that have responded that was a mis-configured open proxy scan. - ----- Original Message ----- From: "Mark Collins" <me () THISISNURGLE ORG UK> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Sunday, December 17, 2000 12:59 Subject: Re: Strange Scan
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Found this one in some logs today. Ftp server running on port 21*snip* That looks ike someone trying to connect to an FTP server from a web browser, but forgetting a few things. I.E.. they typed this in the url box: http://www.s3.com:21/ Do you run an FTP server on that address, or something like it? IMHO, this is just idiocy on the end users part, and nothing to worry about. The Imfamous Mark 'Nurgle' Collins Lead Author - 'Linux Game Programming'
-----BEGIN PGP SIGNATURE----- Version: PGP 7.0 iQA/AwUBOj0+OW+7g8loOAk5EQJQqQCgycYVohvXF3Mzj3VK1IEUmzlz2Q0AniNW 3YdlQcwUs5wQl/PidR/Ryna6 =58/W -----END PGP SIGNATURE-----
Current thread:
- Re: Strange Scan Mark Collins (Dec 18)
- Re: Strange Scan Ken (Dec 18)
- Re: Strange Scan TJ Jablonowski (Dec 18)