So yesterday a network that I do work for had it¹s mail server scanned. I reported the scan (snort reported nmap F scan) to the offending netblock owner, thinking that they had a compromised machine. I was surprised to receive an email this morning stating ³Oh that¹s just our open proxy scanner². Now....I¹ve dealt with some open proxy scanners and seeing the activity before, but GOOD GANDHI...they scanned the ENTIRE port range of the machine..it took almost 3 hours from start to finish. Has anyone else seen such aggressive ³open proxy² scanning like that?
James
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
