Robert Slade

Port Scanning - Open Proxies


My firewall is periodically getting hammered by:

08/28/04 07:33:31 dns 213.180.193.68

nslookup 213.180.193.68
Canonical name: proxychecker.yandex.net
Addresses:
213.180.193.68

A Whois lookup gives:

role: Yandex LLC Network Operations
address: Yandex LLC
address: 40A Vavilova st.
address: 117333, Moscow, Russia
phone: +7 095 9743555
fax-no: +7 095 9743565
e-mail: noc[at]yandex.net
trouble: ------------------------------------------------------
trouble: Points of contact for Yandex LLC Network Operations
trouble: ------------------------------------------------------
trouble: Routing and peering issues: noc[at]yandex.net
trouble: spam issues: abuse[at]yandex.ru
trouble: Network security issues: abuse[at]yandex.ru
trouble: Mail issues: postmaster[at]yandex.ru
trouble: General information: info[at]yandex.ru
trouble: ------------------------------------------------------
admin-c: VLI1-RIPE
admin-c: GVS-RIPE
tech-c: KBG2-RIPE
notify: noc[at]yandex.net
nic-hdl: YNDX1-RIPE
mnt-by: YANDEX-MNT
changed: gvs[at]yandex-team.ru 20040625
source: RIPE

Am I seeing a misconfigured system, or something more sinister?

Rob


sounds strange they would probe randomly, unless they are looking for something or someone else is probing through them...but perhaps I am being paranoid...

> sounds strange they would probe randomly, unless they are looking for something or someone else is probing through them...but perhaps I am being paranoid...

Maybe they scan all email receipts to see if it came from an open proxy???


Hmm, I've seen what Google says, but they say that they are not doing it randomly, only when someone from the IP address scanned connected to their system. I've checked my logs and can see no outgoing connection to them but they may have provided a route.

I would have thought that this sort of activity could be classed as illegal (under UK Law) as it is a hacking attempt.

I've put their IP range in my firewall blocked connections just in case.

Rob
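
The log check described in the post above (looking for an outgoing connection that could have triggered each probe) can be automated. This is an added example, not part of the original thread; the outbound log format, the /24 network, the 10-minute window and every log line except the first inbound one are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# First inbound line is the one quoted in the thread; the other inbound lines
# and all outbound records are constructed sample data.
INBOUND_LOG = """\
08/28/04 07:33:31 dns 213.180.193.68
08/28/04 09:10:02 dns 213.180.193.68
08/28/04 11:45:40 dns 213.180.193.68
"""
# Assumed outbound format: "MM/DD/YY HH:MM:SS <service> <destination IP>"
OUTBOUND_LOG = """\
08/28/04 07:31:05 smtp 213.180.193.10
08/28/04 08:02:17 http 192.0.2.80
08/28/04 11:00:00 smtp 213.180.193.10
"""
# Hypothetical /24 around the logged address, NOT the operator's real range.
PROBER_NET = ip_network("213.180.193.0/24")
WINDOW = timedelta(minutes=10)  # assumed delay between contact and probe


def parse(log):
    """Yield (timestamp, service, address) per well-formed line; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%m/%d/%y %H:%M:%S")
            yield ts, parts[2], ip_address(parts[3])
        except ValueError:
            continue  # malformed date or address


def classify_probes(inbound, outbound, net=PROBER_NET, window=WINDOW):
    """Label each inbound hit from `net` as 'triggered' or 'unsolicited'."""
    contacts = [ts for ts, _, dst in parse(outbound) if dst in net]
    results = []
    for ts, _, src in parse(inbound):
        if src not in net:
            continue
        prior = [c for c in contacts if timedelta(0) <= ts - c <= window]
        results.append((ts, str(src), "triggered" if prior else "unsolicited"))
    return results


if __name__ == "__main__":
    for ts, src, verdict in classify_probes(INBOUND_LOG, OUTBOUND_LOG):
        print(ts.isoformat(sep=" "), src, verdict)
```

A probe marked "unsolicited" had no outbound connection to the same network in the preceding window, which is the case the poster reports for his own logs.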

> Hmm, I've seen what Google says, but they say that they are not doing it randomly, only when someone from the IP address scanned connected to their system. I've checked my logs and can see no outgoing connection to them but they may have provided a route.
>
> I would have thought that this sort of activity could be classed as illegal (under UK Law) as it is a hacking attempt.
>
> I've put their IP range in my firewall blocked connections just in case.

The problem with the laws is the source IP can be, almost always is, faked. In fact the IP of an open proxy is ideal.
