[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IDS: RE: Connect to port 1080

To: ids@uow.edu.au
Subject: IDS: RE: Connect to port 1080
From: "Martins, Fernando (Lisbon)" <FMartins@pt.imshealth.com>
Date: Fri, 28 May 1999 16:47:44 +0200
Sender: owner-ids@uow.edu.au

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicted mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------

Hi Fiona,

For example, in many IRC channels there are scripts running ON JOIN for scan some ports (like 1080). That dont mean an attack, but can be only to check wingates for autorizing/block clones in a channel. Or can be a script kiddie looking for open doors for try to exploit them ...

Another example, people who as NukeNabber listening port 1080, with this kind of checks in IRC channels, can verify this kind of logs too.

Last example ... i had NukeNabber listening some port for trojans, so if some one scan my ports it can looks like i'm infected. 
An open 1080 if looks like a chance to exploit, in that single log line (imho) there is not enough information to say if this is an attack.

One simple explanation for that can happend every day ... every day some user access from that machine to Undernet IRC network, and every day he/she join #hackphreak ... so every day you will get that log. 

Kind Regards,
Fernando Martins

Prev by Date: RE: IDS: RE: how to get a nuke tool <not long>
Next by Date: Re: IDS: Connect to port 1080
Prev by thread: RE: IDS: RE: how to get a nuke tool <not long>
Next by thread: IDS: An Introduction
Index(es):
- Date
- Thread