Robert Slade Posted August 28, 2004 Share Posted August 28, 2004 My firewall is periodically getting hammered by: 08/28/04 07:33:31 dns 213.180.193.68 nslookup 213.180.193.68 Canonical name: proxychecker.yandex.net Addresses: 213.180.193.68 A Whois lookup gives: role: Yandex LLC Network Operations address: Yandex LLC address: 40A Vavilova st. address: 117333, Moscow, Russia phone: +7 095 9743555 fax-no: +7 095 9743565 e-mail: noc[at]yandex.net trouble: ------------------------------------------------------ trouble: Points of contact for Yandex LLC Network Operations trouble: ------------------------------------------------------ trouble: Routing and peering issues: noc[at]yandex.net trouble: spam issues: abuse[at]yandex.ru trouble: Network security issues: abuse[at]yandex.ru trouble: Mail issues: postmaster[at]yandex.ru trouble: General information: info[at]yandex.ru trouble: ------------------------------------------------------ admin-c: VLI1-RIPE admin-c: GVS-RIPE tech-c: KBG2-RIPE notify: noc[at]yandex.net nic-hdl: YNDX1-RIPE mnt-by: YANDEX-MNT changed: gvs[at]yandex-team.ru 20040625 source: RIPE Am I seeing a misconfigured system, or something more sinister Rob Link to comment Share on other sites More sharing options...
dra007 Posted August 28, 2004 Share Posted August 28, 2004 I am leaning towards the SINISTER! Link to comment Share on other sites More sharing options...
Merlyn Posted August 28, 2004 Share Posted August 28, 2004 I believe you are OK. See This Thread on the subject: http://groups.google.com/groups?hl=en&lr=&...here%26rnum%3D4 Link to comment Share on other sites More sharing options...
dra007 Posted August 28, 2004 Share Posted August 28, 2004 sounds strange they would probe randomly, unless they are looking for something or someone else is probing through them...but perhaps I am being paranoid... Link to comment Share on other sites More sharing options...
Merlyn Posted August 28, 2004 Share Posted August 28, 2004 sounds strange they would probe randomly, unless they are looking for something or someone else is probing through them...but perhaps I am being paranoid... 15991[/snapback] Maybe they scan all email receipts to see if it came from an open proxy??? Link to comment Share on other sites More sharing options...
Robert Slade Posted August 29, 2004 Author Share Posted August 29, 2004 Hmm, I've seen what Google says, but they say that they are not doing it randomly, only when someone from the IP address scanned connected to their system. I've checked my logs and can see no outgoing connection to them but they may have provided a route. I would have thought that this sort of activity could be classed as illegal (under UK Law) as it is a hacking atempt. I've put their IP range in my firewall blocked connections just in case. Rob Link to comment Share on other sites More sharing options...
Merlyn Posted August 29, 2004 Share Posted August 29, 2004 Better to be safe than sorry Link to comment Share on other sites More sharing options...
cactipatch Posted August 31, 2004 Share Posted August 31, 2004 Hmm, I've seen what Google says, but they say that they are not doing it randomly, only when someone from the IP address scanned connected to their system. I've checked my logs and can see no outgoing connection to them but they may have provided a route. I would have thought that this sort of activity could be classed as illegal (under UK Law) as it is a hacking atempt. I've put their IP range in my firewall blocked connections just in case. 16005[/snapback] The problem with the laws is the source IP can be, almost always is, faked. In fact the IP of an open proxy is ideal. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.