
[cobalt-security] Port 1080 scans from BSN-62-113.dsl.siol.net



For the last week I've received a dozen scans from the following IP.  What
concerns me is the volume of these scans.  The following represents a single
incident. The target is a RAQ3i, all updates, Port Sentry and ipchains.  Is
there a recent SOCKS port exploit?  I'm not an expert and would appreciate
any defensive tips.

Thanks,

TD

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host 213.250.62.113 has
been blocked via wrappers with string: "ALL: 213.250.62.113"
Jul 10 13:35:30 www portsentry[831]: attackalert: Host 213.250.62.113 has
been blocked via dropped route using command: "/sbin/route add -host
213.250.62.113 gw 127.0.0.1"
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:28 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:28 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:28 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:28 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:29 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:29 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:29 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:29 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:32 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:32 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:32 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:32 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:32 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:32 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:32 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:32 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:38 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:38 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:38 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:38 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:38 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:38 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:40:38 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:38 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
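
An added example, not part of the original post: one way to reduce a PortSentry alert dump like the one above to a per-source summary, so that a run of repeated alerts logged within seconds reads as one burst rather than many separate events. The function names, the 60-second burst gap and the placeholder year are assumptions; the sample lines are constructed in the same mail-wrapped format as the alerts above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format shown above; the mail client has wrapped
# every syslog record onto two lines, so records must be re-joined first.
SAMPLE = """\
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:35:30 www portsentry[831]: attackalert: Host:
BSN-62-113.dsl.siol.net/213.250.62.113 is already blocked Ignoring
Jul 10 13:35:30 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:28 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
Jul 10 13:40:29 www portsentry[831]: attackalert: SYN/Normal scan from host:
BSN-62-113.dsl.siol.net/213.250.62.113 to TCP port: 1080
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
SCAN = re.compile(
    r"^(\w{3} [ \d]\d [\d:]{8}) \S+ portsentry\[\d+\]: attackalert: "
    r"\S+ scan from host: \S+/([\d.]+) to (TCP|UDP) port: (\d+)")

def unwrap(text):
    """Re-join wrapped lines: a record starts at each syslog timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def bursts(text, gap=timedelta(seconds=60), year=2000):
    """Group scan alerts per (ip, proto, port) into bursts split by > gap."""
    out = defaultdict(list)
    for rec in unwrap(text):  # syslog order is assumed chronological
        m = SCAN.match(rec)
        if not m:
            continue  # "blocked" / "already blocked" lines are not new probes
        # syslog omits the year; a placeholder year is enough for time deltas
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        runs = out[(m[2], m[3], int(m[4]))]
        if runs and ts - runs[-1][1] <= gap:
            runs[-1][1], runs[-1][2] = ts, runs[-1][2] + 1
        else:
            runs.append([ts, ts, 1])
    return {k: [(a.time().isoformat(), b.time().isoformat(), n)
                for a, b, n in v] for k, v in out.items()}
```

Calling `bursts()` on the text of a saved alert mail returns, for each source address, protocol and port, the start time, end time and alert count of every burst.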