|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
06-01-2003, 11:26 PM
|
#1 |
|
Member (10 bit)
Join Date: Jun 2002
Posts: 614
 |
Port Scan Every Boot
everytime I boot I get a port scan from the same IP. what action should I take against this?
|
|
|
|
06-01-2003, 11:43 PM
|
#2 |
|
Member (13 bit)
Join Date: Jun 2000
Location: nowhere.com
Posts: 4,819
|
Who's IP is it?
|
|
|
|
|
06-01-2003, 11:49 PM
|
#3 |
|
Member (10 bit)
Join Date: Jun 2002
Posts: 614
|
I don't know
|
|
|
|
|
06-02-2003, 10:28 AM
|
#5 |
|
Member (10 bit)
Join Date: Jun 2002
Posts: 614
|
ok I got it. I will call up the company and tell them about the user.
|
|
|
|
|
06-02-2003, 12:23 PM
|
#6 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,777
|
You sure it's a user?
|
|
|
|
|
06-02-2003, 12:24 PM
|
#7 |
|
Member (10 bit)
Join Date: Jun 2002
Posts: 614
|
what could it be?
|
|
|
|
|
06-02-2003, 03:19 PM
|
#8 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,777
|
if you post the address here, I might be able to tell you.
|
|
|
|
|
06-02-2003, 03:56 PM
|
#9 |
|
Member (10 bit)
Join Date: Jun 2002
Posts: 614
|
64.71.165.195
|
|
|
|
|
06-02-2003, 04:20 PM
|
#10 |
|
Member (13 bit)
Join Date: Jun 2000
Location: nowhere.com
Posts: 4,819
|
Something called "Hurricane Electric".
Probably a virus infected computer at that company or something. /shrug |
|
|
|
|
06-02-2003, 04:28 PM
|
#11 |
|
Member (10 bit)
Join Date: Jun 2002
Posts: 614
|
so I shouldn't worry about it?
|
|
|
|
|
06-02-2003, 10:10 PM
|
#12 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,777
|
Host name: for.more.information.visit.http.security.gamesnet.net
IP address: 64.71.165.195 Alias(es): 195.165.71.64.in-addr.arpa GamesNET began Active Proxy Detection on all newly connecting clients to our network as of January 30, 2000. We implemented this system in order to stop the abuse of unsecured WinGates and various other unsecured and openly accessible proxies. This has more recently been expanded on with the introduction of ProxyCheck services. We have instituted these measures in order to protect our users from other people who would use these proxies to attack and annoy the general network population and the network itself. This test is standard among virtually ALL irc networks at this time. GamesNET is a service we provide for you. We enjoy providing the service for you but you must remember that no one is holding a gun to your head to be here. If you are not using an unsecured proxy you have nothing to worry about. But if you don't like being checked for the presence of one, you are free not to connect here. The GamesNET staff including myself will do everything in our power to keep our network safe for the users who come here. The existence of this security sweep is a fact, and it will continue to exist as long as there are people out there who would abuse these proxies. I can not state strongly enough that if you do not wish to be scanned, than do not come here. If you connect to GamesNET from this point on having read this bulletin, you by your own action consent to be scanned by our services. Detection ProxyCheck will open connection attempts on numerous ports on your system. These will all be initiated from the proxycheck.gamesnet.net address including 80, 8080, 3128, SOCKS and 23. This is not a attempt to hack your system. This is the machine our security services run from. If your computer accepts this connection attempt, then you have a program running that is listening on this port. Usually that is a proxy. If your proxy is configured properly, it won't accept a connection from outside your LAN. If it is not configured properly, the connection will be tested. If the test is positive your host will be banned from the network. If the test is negative the socket is closed and that is the end of that. |
|
|
|
|
06-03-2003, 12:13 AM
|
#13 |
|
Member (10 bit)
Join Date: Jun 2002
Posts: 614
|
ah I see now. I have IRC to connect when I startup. but I don't understand exactly what they are scanning for.
also how exactly did you get that info? |
|
|
|
|
06-03-2003, 12:36 AM
|
#14 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,777
|
I have a little net utility suite called NetLab - I put that IP address in and did a DNS lookup and that's what I got. You can do the same using nslookup from a command prompt. I then browsed to http://security.gamesnet.net and pasted what I saw - if you do the same and read down some more they explain the purpose even more.
They are scanning for open proxy ports that can be exploited by hackers to plant zombie IRC bots on users' systems to carry out DDoS attacks on the IRC network. If you have open ports, they K-line you (refuse connection). |
|
|
|
|
06-09-2003, 01:15 AM
|
#15 |
|
Banned
Join Date: Feb 2002
Location: in harms way
Posts: 2,768
|
Either that or they are actively looking for sploitable systems.
|
|
|
|
|
06-09-2003, 09:07 AM
|
#16 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,777
|
I doubt that a legitimate IRC network would be doing that, it's for the protection of their network, they don't want a server full of zombie bots sitting around eating up their bandwidth.
|
|
|
|
|
06-09-2003, 05:01 PM
|
#17 |
|
Banned
Join Date: Feb 2002
Location: in harms way
Posts: 2,768
|
Is any IRC reputable?
|
|
|
|
|
06-10-2003, 01:01 AM
|
#18 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,777
|
Ive been an IRC user for 8 years now, and I've never had a problem. I also don't hang around in warez channels. IRC has been around longer than any of the instant messaging services and I think even longer then AOL chat rooms.
|
|
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
