The best example of why to scan some sites (and I personally will
only scan the following ports for specific information: 23 and 1080,
as you know how many misconfigured proxy/wingate machines are
out there): over the past weekend, I counted 200 attempted
connections on my honeypot for port 27665, which for all of you is
the connection port to the trin00s client. Of these, 80% were perm.
wingate machines that allowed for anonymous connections; the
other 10% were other types of misconfigured proxies.
Now, to add to this, watch IRC and your e-mail. Most spam is
now bounced through proxies, as it becomes absolutely
untraceable, because the person running a proxy like this doesn't
know how to configure it to monitor it properly or to prevent it. The
ISP will not block these, and usually the traffic isn't monitored;
hence the spammer is now untraceable, and it's the innocent (though
people who will not RTFM) who are the ones who lose their accounts.
When I was a system admin of an ISP, I conducted port 1080
scans all the time; of that, as I could guess, about 80% of our
customers ran misconfigured wingates, and 20% had either BO or
NetBus running.
I have learned from experience that if my network is scanned often, it is
due to some insecurity that is publicly available, such as some
trojan, a misconfigured proxy server, or e-mail server. Hence,
instead of harassing the people scanning, you should harass
yourself and see why you may be getting port scanned, because it
was something.
Jason Robertson
Network Analyst
[EMAIL PROTECTED]
http://www.astroadvice.com