Security Incidents mailing list archives
Re: Undernet/telnet attempts?
From: opus () IRCORE COM (Opus)
Date: Wed, 23 Feb 2000 00:07:26 -0600
please email me privately so as not promoting my network here in a listserv, and i will then show you the log of you connecting, if you tell me you had connected, i do not log as to whether i find you being a open proxy, i log that you connected to my network, i trust the code that i have written, and the only complaints i have received is from those not knowing how to configure their proxy software, once they have configured their software, they are able to connect. This is not a kiddy network this is a successful financial trading network. If you are seriously in doubt and concerned about the integrity of such matters, i would even be willing to show you the source code. I can not obviously vouge for everyone, but the concept that it is trying to cover is as sound as can be without jeapordizing the 97% of users who do not abuse such things. Chris Birch IRCore opus@ircore,com On Tue, 22 Feb 2000 tibor () lib uaa alaska edu wrote:
On Mon, 21 Feb 2000, Opus wrote:I have written such a service and basically whatt is done is port 23 is checked for wingate and a wingate prompt, if one is seen then the client is immediately removed from the server with a gline. The other port is 1080 SOCKS and it is checked for a specific hex pattern to determine if it infact is responding as an open SOCKS proxy, both are considered bad in the irc community for its ability to allow anyone to use them from the outside, thus evading bans and glines imposed for various reasons.Hmmm... I've connected to a couple of different Undernet IRC servers today, as well as telnet.chatsystems.com to try to see if I could trigger a probe, but haven't seen anything after several hours. This, along with the fact that they have no logs to back up their claim that probes are only triggered by IRC connections, doesn't make me particularly confident that they're being honest. Mike -- Mike Tibor Univ. of Alaska Anchorage (907) 786-1001 voice LAN Technician Consortium Library (907) 786-6050 fax tibor () lib uaa alaska edu http://www.lib.uaa.alaska.edu/~tibor/ http://www.lib.uaa.alaska.edu/~tibor/pgpkey for PGP public key
Current thread:
- Re: Undernet/telnet attempts? Jon Burdge (Feb 21)
- <Possible follow-ups>
- Re: Undernet/telnet attempts? Opus (Feb 22)