Hi - I'm trying to track down a persistent series of probes against systems at my home. I'm an XO DSL subscriber (though not for long with the way things are going) - and have a 24/7 connection. I run ZoneAlarm on my Windows systems - and that's what has alerted me to a series of probes, coming from XO's own network.
Essentially I see a probe from their news server on port 1080 every 30 - 60 minutes. 1080 is commonly used as a proxy port under Windows for Internet Connection Sharing via Proxy. Naturally this port is not open on my system - and ZA lets me know that something just tried to talk to me. I also periodically see probes from old Code-Red (I'm sometimes running a web-server, not IIS, so I can tell by looking at the logs).

Here's my problem - I've taken the proxy server from the scripts section of rebol.com, and told it to listen to port 1080 - and I get hits on it. But - they aren't looking for a URL, or contacting me to use it as a proxy. So - it's not real clear what they are trying to send out. I did create a stripped-down server, and used 'copy to print out the probe - but that was singularly unrevealing.

Has anyone got a better way to set up a server port to just listen to the inbound packets and record them?

- Porter Woodward

PS: I've contacted XO's security team twice about this, and the probes are still going strong 2 months later! I just want to find out what is coming in. It could be a curious little security breach that would be good to know about.
