[Dshield] Increase in Proxy and SOCKS probes

Clay Dillard clay at securespeed.cc
Thu Mar 21 23:34:12 GMT 2002


Has anyone else noticed a rise in probes to 8080 and/or 1080?  Here are some
snippets from my logs.  This has been increasing over the last week.

>>>>SNIP<<<<

21/03/2002 02:48:32.978589       xl0 @0:1 b 61.79.232.158,4469 ->
24.25.3.54,1080 PR tcp len 20 48 -S IN
21/03/2002 02:48:33.077897       xl0 @0:1 b 61.79.232.158,4470 ->
24.25.3.54,8080 PR tcp len 20 48 -S IN
21/03/2002 07:42:00.367082       xl0 @0:1 b 24.216.201.195,44574 ->
24.25.3.54,1080 PR tcp len 20 40 -S IN
21/03/2002 07:42:01.316922       xl0 @0:1 b 24.216.201.195,44577 ->
24.25.3.54,1080 PR tcp len 20 40 -S IN
21/03/2002 14:37:46.824358       xl0 @0:1 b 166.77.235.170,33934 ->
24.25.3.54,113 PR tcp len 20 48 -S IN
21/03/2002 15:13:32.170333       xl0 @0:1 b 12.25.217.8,2494 ->
24.25.3.54,5631 PR tcp len 20 44 -S IN
21/03/2002 15:13:32.170461       xl0 @0:1 b 12.25.217.8,2496 ->
24.25.3.54,3128 PR tcp len 20 44 -S IN
21/03/2002 15:13:32.171172       xl0 @0:1 b 12.25.217.8,2495 ->
24.25.3.54,8080 PR tcp len 20 44 -S IN
21/03/2002 15:13:45.294769       xl0 @0:1 b 12.25.217.8,2494 ->
24.25.3.54,5631 PR tcp len 20 44 -S IN
21/03/2002 15:13:45.295566       xl0 @0:1 b 12.25.217.8,2496 ->
24.25.3.54,3128 PR tcp len 20 44 -S IN
21/03/2002 15:13:45.296261       xl0 @0:1 b 12.25.217.8,2495 ->
24.25.3.54,8080 PR tcp len 20 44 -S IN
21/03/2002 16:08:22.946988       xl0 @0:1 b 61.76.128.236,2130 ->
24.25.3.54,21 PR tcp len 20 48 -S IN
21/03/2002 16:08:25.918537       xl0 @0:1 b 61.76.128.236,2130 ->
24.25.3.54,21 PR tcp len 20 48 -S IN
21/03/2002 16:08:31.971715       xl0 @0:1 b 61.76.128.236,2130 ->
24.25.3.54,21 PR tcp len 20 48 -S IN
21/03/2002 16:40:05.955253       xl0 @0:1 b 192.139.219.40,64224 ->
24.25.3.54,1080 PR tcp len 20 44 -S IN
21/03/2002 16:40:05.955603       xl0 @0:1 b 192.139.219.40,64225 ->
24.25.3.54,23 PR tcp len 20 44 -S IN
21/03/2002 16:40:05.955895       xl0 @0:1 b 192.139.219.40,64226 ->
24.25.3.54,139 PR tcp len 20 44 -S IN
21/03/2002 16:40:08.886589       xl0 @0:1 b 192.139.219.40,64226 ->
24.25.3.54,139 PR tcp len 20 44 -S IN
21/03/2002 16:40:08.886739       xl0 @0:1 b 192.139.219.40,64225 ->
24.25.3.54,23 PR tcp len 20 44 -S IN
21/03/2002 16:40:08.886959       xl0 @0:1 b 192.139.219.40,64224 ->
24.25.3.54,1080 PR tcp len 20 44 -S IN
21/03/2002 16:40:08.983165       xl0 @0:1 b 192.139.219.40,64228 ->
24.25.3.54,8080 PR tcp len 20 44 -S IN
21/03/2002 18:28:33.691047       xl0 @0:1 b 203.197.173.129 -> 24.25.3.54 PR
icmp len 20 84 icmp 8/0 IN

Clay Dillard
Sr. Partner, Information Security
SecureSpeed Information Systems
http://www.securespeed.cc





More information about the list mailing list