Robert Slade Posted August 28, 2004

My firewall is periodically getting hammered by:

08/28/04 07:33:31 dns 213.180.193.68

nslookup 213.180.193.68
Canonical name: proxychecker.yandex.net
Addresses: 213.180.193.68

A Whois lookup gives:

role: Yandex LLC Network Operations
address: Yandex LLC
address: 40A Vavilova st.
address: 117333, Moscow, Russia
phone: +7 095 9743555
fax-no: +7 095 9743565
e-mail: noc[at]yandex.net
trouble: ------------------------------------------------------
trouble: Points of contact for Yandex LLC Network Operations
trouble: ------------------------------------------------------
trouble: Routing and peering issues: noc[at]yandex.net
trouble: spam issues: abuse[at]yandex.ru
trouble: Network security issues: abuse[at]yandex.ru
trouble: Mail issues: postmaster[at]yandex.ru
trouble: General information: info[at]yandex.ru
trouble: ------------------------------------------------------
admin-c: VLI1-RIPE
admin-c: GVS-RIPE
tech-c: KBG2-RIPE
notify: noc[at]yandex.net
nic-hdl: YNDX1-RIPE
mnt-by: YANDEX-MNT
changed: gvs[at]yandex-team.ru 20040625
source: RIPE

Am I seeing a misconfigured system, or something more sinister?

Rob

Merlyn Posted August 28, 2004

I believe you are OK. See This Thread on the subject: http://groups.google.com/groups?hl=en&lr=&...here%26rnum%3D4

dra007 Posted August 28, 2004

Sounds strange they would probe randomly, unless they are looking for something or someone else is probing through them... but perhaps I am being paranoid...

Merlyn Posted August 28, 2004

> Sounds strange they would probe randomly, unless they are looking for something or someone else is probing through them... but perhaps I am being paranoid...

Maybe they scan all email receipts to see if it came from an open proxy???

Robert Slade (Author) Posted August 29, 2004

Hmm, I've seen what Google says, but they say that they are not doing it randomly, only when someone from the IP address scanned connected to their system. I've checked my logs and can see no outgoing connection to them, but they may have provided a route. I would have thought that this sort of activity could be classed as illegal (under UK Law) as it is a hacking attempt. I've put their IP range in my firewall blocked connections just in case.

Rob

cactipatch Posted August 31, 2004

> Hmm, I've seen what Google says, but they say that they are not doing it randomly, only when someone from the IP address scanned connected to their system. I've checked my logs and can see no outgoing connection to them, but they may have provided a route. I would have thought that this sort of activity could be classed as illegal (under UK Law) as it is a hacking attempt. I've put their IP range in my firewall blocked connections just in case.

The problem with the laws is the source IP can be, almost always is, faked. In fact the IP of an open proxy is ideal.