Jump to content

Port Scanning - Open Prxies


Robert Slade

Recommended Posts

My firewall is periodically getting hammered by:

08/28/04 07:33:31 dns 213.180.193.68

nslookup 213.180.193.68

Canonical name: proxychecker.yandex.net

Addresses:

213.180.193.68

A Whois lookup gives:

role: Yandex LLC Network Operations

address: Yandex LLC

address: 40A Vavilova st.

address: 117333, Moscow, Russia

phone: +7 095 9743555

fax-no: +7 095 9743565

e-mail: noc[at]yandex.net

trouble: ------------------------------------------------------

trouble: Points of contact for Yandex LLC Network Operations

trouble: ------------------------------------------------------

trouble: Routing and peering issues: noc[at]yandex.net

trouble: spam issues: abuse[at]yandex.ru

trouble: Network security issues: abuse[at]yandex.ru

trouble: Mail issues: postmaster[at]yandex.ru

trouble: General information: info[at]yandex.ru

trouble: ------------------------------------------------------

admin-c: VLI1-RIPE

admin-c: GVS-RIPE

tech-c: KBG2-RIPE

notify: noc[at]yandex.net

nic-hdl: YNDX1-RIPE

mnt-by: YANDEX-MNT

changed: gvs[at]yandex-team.ru 20040625

source: RIPE

Am I seeing a misconfigured system, or something more sinister

Rob

Link to comment
Share on other sites

sounds strange they would probe randomly, unless they are looking for something or someone else is probing through them...but perhaps I am being paranoid...

15991[/snapback]

Maybe they scan all email receipts to see if it came from an open proxy???

Link to comment
Share on other sites

Hmm, I've seen what Google says, but they say that they are not doing it randomly, only when someone from the IP address scanned connected to their system. I've checked my logs and can see no outgoing connection to them but they may have provided a route.

I would have thought that this sort of activity could be classed as illegal (under UK Law) as it is a hacking atempt.

I've put their IP range in my firewall blocked connections just in case.

Rob

Link to comment
Share on other sites

Hmm, I've seen what Google says, but they say that they are not doing it randomly, only when someone from the IP address scanned connected to their system. I've checked my logs and can see no outgoing connection to them but they may have provided a route. 

I would have thought that this sort of activity could be classed as illegal (under UK Law) as it is a hacking atempt.

I've put their IP range in my firewall blocked connections just in case.

16005[/snapback]

The problem with the laws is the source IP can be, almost always is, faked. In fact the IP of an open proxy is ideal.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...