Hi, What you see as 15 attempts is in fact 3 connect() attempts, on different ports. Your firewall doesn't reject the requests, but just block 'em, so the proxyscanner send several attempts. I'm sorry but this is the standard behaviour of the posix/bsd connect() function.
It's not scanning always when you connect to IRC, but it can be long after in some case. The only thing i can affirm is that "This check is ONLY DONE if a user attempts to establish a connection to an UnderNet IRC server." You might want to visit this URL: http://www.undernet.org/proxyscan.php for more infos about the Undernet's proxyscanner. Regards, -- mbuna >Here's what my firewall recorded tonight, all times are EST, -5 GMT. I had >been on IRC for about 2 hours when the scans were logged. 193.109.122.5 is >Undernet's proxy scanner which I thought was only supposed to check for >open ports when you connected to IRC, not after you've been connected for 2 >hours. Also, I'd say 15 attempts in just over 1 minute is quite excessive >and could be considered (or seen as) a flood attempt. I'm subbed here, so >don't bother cc-ing me. >stoney` > >Firewall log: all times are -5hr. GMT (Eastern standard time) > > 1/5/02 00:57:36.558 Firewall Rule "Implicit block rule" blocked >(MYOB,8000). Details: >Inbound TCP connection >Local address,service is (MYOB,8000) >Remote address,service is (193.109.122.5,3965) >Process name is "N/A" > 1/5/02 00:57:30.646 Firewall Rule "Implicit block rule" blocked >(MYOB,8000). Details: >Inbound TCP connection >Local address,service is (MYOB,8000) >Remote address,service is (193.109.122.5,3965) >Process name is "N/A" > 1/5/02 00:57:27.684 Firewall Rule "Implicit block rule" blocked >(MYOB,8000). Details: >Inbound TCP connection >Local address,service is (MYOB,8000) >Remote address,service is (193.109.122.5,3965) >Process name is "N/A" > 1/5/02 00:57:24.766 Firewall Rule "Implicit block rule" blocked >(MYOB,8000). Details: >Inbound TCP connection >Local address,service is (MYOB,8000) >Remote address,service is (193.109.122.5,3965) >Process name is "N/A" > 1/5/02 00:57:21.803 Firewall Rule "Implicit block rule" blocked >(MYOB,8000). Details: >Inbound TCP connection >Local address,service is (MYOB,8000) >Remote address,service is (193.109.122.5,3965) >Process name is "N/A" > 1/5/02 00:57:18.745 Firewall Rule "Implicit block rule" blocked >(MYOB,8000). Details: >Inbound TCP connection >Local address,service is (MYOB,8000) >Remote address,service is (193.109.122.5,3965) >Process name is "N/A" > 1/5/02 00:57:06.441 Firewall Rule "Implicit block rule" blocked >(MYOB,3128). Details: >Inbound TCP connection >Local address,service is (MYOB,3128) >Remote address,service is (193.109.122.5,3016) >Process name is "N/A" > 1/5/02 00:57:00.441 Firewall Rule "Implicit block rule" blocked >(MYOB,3128). Details: >Inbound TCP connection >Local address,service is (MYOB,3128) >Remote address,service is (193.109.122.5,3016) >Process name is "N/A" > 1/5/02 00:56:57.441 Firewall Rule "Implicit block rule" blocked >(MYOB,3128). Details: >Inbound TCP connection >Local address,service is (MYOB,3128) >Remote address,service is (193.109.122.5,3016) >Process name is "N/A" > 1/5/02 00:56:54.440 Firewall Rule "Implicit block rule" blocked >(MYOB,3128). Details: >Inbound TCP connection >Local address,service is (MYOB,3128) >Remote address,service is (193.109.122.5,3016) >Process name is "N/A" > 1/5/02 00:56:36.737 Firewall Rule "Implicit block rule" blocked >(MYOB,81). Details: >Inbound TCP connection >Local address,service is (MYOB,81) >Remote address,service is (193.109.122.5,2045) >Process name is "N/A" > 1/5/02 00:56:30.757 Firewall Rule "Implicit block rule" blocked >(MYOB,81). Details: >Inbound TCP connection >Local address,service is (MYOB,81) >Remote address,service is (193.109.122.5,2045) >Process name is "N/A" > 1/5/02 00:56:27.757 Firewall Rule "Implicit block rule" blocked >(MYOB,81). Details: >Inbound TCP connection >Local address,service is (MYOB,81) >Remote address,service is (193.109.122.5,2045) >Process name is "N/A" > 1/5/02 00:56:24.756 Firewall Rule "Implicit block rule" blocked >(MYOB,81). Details: >Inbound TCP connection >Local address,service is (MYOB,81) >Remote address,service is (193.109.122.5,2045) >Process name is "N/A" > 1/5/02 00:56:21.773 Firewall Rule "Implicit block rule" blocked >(MYOB,81). Details: >Inbound TCP connection >Local address,service is (MYOB,81) >Remote address,service is (193.109.122.5,2045) >Process name is "N/A" > > > >Py Fivestones >[EMAIL PROTECTED]
