From owner-freebsd-security  Sat May 15 19:27:53 1999
Delivered-To: freebsd-security@freebsd.org
Received: from foobar.franken.de (foobar.franken.de [194.94.249.81])
	by hub.freebsd.org (Postfix) with ESMTP id ECB6714D1E
	for <freebsd-security@FreeBSD.ORG>; Sat, 15 May 1999 19:27:47 -0700 (PDT)
	(envelope-from logix@foobar.franken.de)
Received: (from logix@localhost)
	by foobar.franken.de (8.8.8/8.8.5) id EAA28542;
	Sun, 16 May 1999 04:26:58 +0200 (CEST)
Message-ID: <19990516042657.A28280@foobar.franken.de>
Date: Sun, 16 May 1999 04:26:57 +0200
From: Harold Gutch <logix@foobar.franken.de>
To: Peter Wemm <peter@netplex.com.au>,
	Kris Kennaway <kkennawa@physics.adelaide.edu.au>
Cc: Matthew Dillon <dillon@apollo.backplane.com>,
	danny <danny@pentalpha.com.hk>, freebsd-security@FreeBSD.ORG
Subject: Re: network scan?
References: <Pine.OSF.4.10.9905131211500.1222-100000@bragg> <19990515204158.C390F1F58@spinner.netplex.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <19990515204158.C390F1F58@spinner.netplex.com.au>; from Peter Wemm on Sun, May 16, 1999 at 04:41:56AM +0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, May 16, 1999 at 04:41:56AM +0800, Peter Wemm wrote:
> Kris Kennaway wrote:
> > On Wed, 12 May 1999, Matthew Dillon wrote:
> > 
> > > :May 12 18:42:24 server /kernel: ipfw: 26000 Deny TCP 202.38.248.205:4359
> > > :a.b.c.1:1080 in via ed0
> > > :...
> > > 
> > >     I get this all the time from people scanning for netbios.  I 
> > >     usually just ignore them.  If I'm in a bad mood I send a nasty gram
> > >     to the originating network.
> > 
> > In this case they're looking for an open SOCKS proxy (so they can use it to
> 
> In this particular case, it's a site in China.  They have a heavily
> censored internet gateway, and I see lots of probes from china (and other
> areas in Asia that have enforced proxy use and heavily censored feeds)
> looking for *:1080 (socks), *:3128 (squid) and *:8080 (squid and/or other
> proxies including netscape).  They are scanning for relays to bounce
> connections off to bypass the censored feed.
> 
Just to make sure I'm getting this right - you're saying China
has a censored internet gateway (i.e. blocking *something* [what
exactly ?] ), but they do allow connections to ports 1080, 3128
and 8080 ?

bye,
  Harold

-- 
<Shabby> Sleep is an abstinence syndrome wich occurs due to lack of caffein.
Wed Mar  4 04:53:33 CET 1998   #unix, ircnet


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message