Mailing List Archive: 49091 messages

[REBOL] Network Guru...

From: pwoodward::cncdsl::com at: 14-Dec-2001 10:54

Hi - I'm trying to track down a persistent series of probes against systems at my home. I'm an XO DSL subscriber (tho not for long with the way things are going) - and have a 24/7 connection. I run ZoneAlarm on my Windows systems - and that's what has alerted me to a series of probes, coming from XO's own network.

Essentially I see a probe from their news server on port 1080 every 30 - 60 minutes. 1080 is commonly used as a proxy port under Windows for Internet Connection Sharing via Proxy. Naturally this port is not open on my system - and ZA lets me know that something just tried to talk to me. I also periodically see probes from old Code-Red (I'm sometimes running a web-server, not IIS, so I can tell by looking at the logs).

Here's my problem - I've taken the proxy server from the scripts section of rebol.com, and told it to listen to port 1080 - and I get hits on it. But - they aren't looking for a URL, or contacting me to use it as a proxy. So - it's not real clear what they are trying to send out. I did create a stripped down server, and used 'copy to print out the probe - but that was singularly unrevealing.

Has anyone got a better way to set up a server port to just listen to the inbound packets and record them?

- Porter Woodward

PS: I've contacted XO's security team twice about this, and the probes are still going strong 2 months later! I just want to find out what is coming in. It could be a curious little security breach that would be good to know about.
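
One way to do what the message asks, as an added example that is not part of the original post and not from the REBOL script library: a Python listener that accepts on a port, never replies, and records the first bytes each peer sends as a hex dump, so binary payloads stay readable. The function names and labels are assumptions of this example; 1080 is the registered SOCKS port, so the SOCKS4/SOCKS5 checks are a guess at what a probe may contain, not a finding about these probes.

```python
# Added example: passive probe recorder (names and labels are this example's own).
import socket, sys, time

def hexdump(data: bytes, width: int = 16) -> str:
    """Offset, hex bytes and printable ASCII for each row of the payload."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<{width * 3}} {text}")
    return "\n".join(rows)

def classify(data: bytes) -> str:
    """Best-effort label from the leading bytes; anything else is 'unknown'."""
    if not data:
        return "connect only, no payload"
    if data[0] == 4 and len(data) >= 8:          # SOCKS4: VN, CD, DSTPORT, DSTIP
        port = int.from_bytes(data[2:4], "big")
        ip = ".".join(str(b) for b in data[4:8])
        return f"SOCKS4 cmd={data[1]} dest={ip}:{port}"
    if data[0] == 5 and len(data) >= 2:          # SOCKS5: VER, NMETHODS, METHODS
        return f"SOCKS5 greeting, methods={list(data[2:2 + data[1]])}"
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"CONNECT"):
        return "HTTP request"
    return "unknown"

def read_probe(conn: socket.socket, timeout: float = 5.0, limit: int = 4096) -> bytes:
    """Read what the peer sends first without ever answering it."""
    conn.settimeout(timeout)
    try:
        return conn.recv(limit)
    except OSError:                              # timeout or reset: nothing usable
        return b""

if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 1080
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", port))
        srv.listen(5)
        while True:
            conn, peer = srv.accept()
            with conn:
                data = read_probe(conn)
            stamp = time.strftime("%Y-%m-%d %H:%M:%S")
            print(f"{stamp} {peer[0]}:{peer[1]} {len(data)} bytes: {classify(data)}")
            print(hexdump(data))
```

A record of "connect only, no payload" means the peer opened the connection and waited or left, which is itself worth logging with the timestamp and source address.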