[cobalt-security] Port 1080 scans from BSN-62-113.dsl.siol.net

[Terrance Dwyer]

For the last week I've received a dozen scans from the following ip.  What
concerns me is the volume of these scans.  The following represents a single
incident. The target is a RAQ3i, all updates, Port Sentry and ipchains.  Is
there a recent SOCKS port exploit?  I'm not an expert and would appreciate
any defensive tips.

Thanks,

TD

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host 213.250.62.113 has
been blocked via wrappers with string: "ALL: 213.250.62.113"
Jul 10 13:35:30 www portsentry[831]: attackalert: Host 213.250.62.113 has
been blocked via dropped route using command: "/sbin/route add -host
213.250.62.113 gw 127.0.0.1"
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:28 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:28 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:28 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:28 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:29 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:29 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:29 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:29 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:32 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:32 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:32 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:32 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:32 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:32 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:32 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:32 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:38 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:38 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:38 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:38 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:38 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:38 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:38 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:38 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security