[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Port 1080 scans from BSN-62-113.dsl.siol.net
- Subject: [cobalt-security] Port 1080 scans from BSN-62-113.dsl.siol.net
- From: "Terrance Dwyer" <td@xxxxxxxx>
- Date: Tue, 10 Jul 2001 23:13:56 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
For the last week I've received a dozen scans from the following ip. What
concerns me is the volume of these scans. The following represents a single
incident. The target is a RAQ3i, all updates, Port Sentry and ipchains. Is
there a recent SOCKS port exploit? I'm not an expert and would appreciate
any defensive tips.
Thanks,
TD
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host 213.250.62.113 has
been blocked via wrappers with string: "ALL: 213.250.62.113"
Jul 10 13:35:30 www portsentry[831]: attackalert: Host 213.250.62.113 has
been blocked via dropped route using command: "/sbin/route add -host
213.250.62.113 gw 127.0.0.1"
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:28 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:28 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:28 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:28 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:29 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:29 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:29 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:29 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:32 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:32 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:32 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:32 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:32 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:32 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:32 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:32 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:38 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:38 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:38 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:38 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:38 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:38 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:38 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:38 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring