Security Incidents mailing list archives
Re: Undernet/telnet attempts?
From: tibor () LIB UAA ALASKA EDU (Tibor, Mike)
Date: Tue, 22 Feb 2000 16:06:08 -0900
On Fri, 18 Feb 2000, SecOrg wrote:
I have gotten a number of telnet attempts/scans on my server from undernet IRC hosts. A couple of the hosts were dallas-r.tx.us.undernet.org ProxyScan.MD.US.Undernet.Org As the name implies, I am guessing they are scanning wingates/proxies, etc for security/eggdrop reasons. Does anyone know if they scan all incoming connections for telnet(wingate) ports? And if so, why they would try to connect to it afterwards? Maybe some kind of fingerprinting technique that would find out if it is a open wingate?
I've experienced those probes myself, and in email exchanges with the technical contacts (angel111 () ns2 cetlink net, danny () chatsystems com, abuse () undernet org, noc () u1 abs net), they vehemently claim to only probe each machine when it makes an IRC connection to them (ie, the incoming IRC connection triggers the probe) The problem *I* have with it is that when I confronted them they couldn't produce any evidence my server ever made those connections--they apparently don't keep any logs. In my case it's rather interesting as only 4 people other than myself have shell access to my server, and none of us has *ever* done any IRC activity from it (and I'm also confident it hasn't been rooted). Mike -- Mike Tibor Univ. of Alaska Anchorage (907) 786-1001 voice LAN Technician Consortium Library (907) 786-6050 fax tibor () lib uaa alaska edu http://www.lib.uaa.alaska.edu/~tibor/ http://www.lib.uaa.alaska.edu/~tibor/pgpkey for PGP public key
Current thread:
- Re: MASSIVE ssh attack attempt, (continued)
- Re: MASSIVE ssh attack attempt Jose Nazario (Feb 17)
- Re: MASSIVE ssh attack attempt Brendan Grieve (Feb 17)
- Re: MASSIVE ssh attack attempt Robert Lau (Feb 16)
- Re: MASSIVE ssh attack attempt David A. Bandel (Feb 17)
- Re: MASSIVE ssh attack attempt Robert Lau (Feb 17)
- Re: MASSIVE ssh attack attempt Filip M. Gieszczykiewicz (Feb 17)
- Re: MASSIVE ssh attack attempt Robert Graham (Feb 18)
- Undernet/telnet attempts? SecOrg (Feb 18)
- Re: Undernet/telnet attempts? Opus (Feb 21)
- Re: Undernet/telnet attempts? Jonathan Levy (Feb 21)
- Re: Undernet/telnet attempts? Tibor, Mike (Feb 22)
- Re: Undernet/telnet attempts? Brendan Grieve (Feb 22)