Re: Strange Scan

[TJ Jablonowski <t.jablonowski () MAIL-2-GO COM>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm not with s3.com, this is on a totally different domain (connected
via cable modem).  Just one hit, no other login attempts as of this
evening, no other signs of scanning/infiltration. Just a SynFin scan
yesterday evening on port 27665 TCP. Have to agree with some other
people that have responded that was a mis-configured open proxy scan.


- ----- Original Message -----
From: "Mark Collins" <me () THISISNURGLE ORG UK>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Sunday, December 17, 2000 12:59
Subject: Re: Strange Scan


> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Found this one in some logs today. Ftp server running on port 21
> *snip*
>
> That looks ike someone trying to connect to an FTP server from a
> web browser, but forgetting a few things. I.E.. they typed this in
> the url box:
>
> http://www.s3.com:21/
>
> Do you run an FTP server on that address, or something like it?
>
> IMHO, this is just idiocy on the end users part, and nothing to
> worry about.
>
> The Imfamous Mark 'Nurgle' Collins
> Lead Author - 'Linux Game Programming'

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBOj0+OW+7g8loOAk5EQJQqQCgycYVohvXF3Mzj3VK1IEUmzlz2Q0AniNW
3YdlQcwUs5wQl/PidR/Ryna6
=58/W
-----END PGP SIGNATURE-----