proxyscan2.quakenet.org

Spoonman · 12-06-2001 11:52pm #1

Shortly after joining irc through my linux machine I get the following alert from portsentry:

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jun 12 19:00:02 nash portsentry[592]: attackalert: SYN/Normal scan from host: proxyscan2.quakenet.org/213.221.173.99 to TCP port: 80
Jun 12 19:00:02 nash portsentry[592]: attackalert: Host 213.221.173.99 has been blocked via wrappers with string: "ALL: 213.221.173.99"

Anyone know why this box is scanning my http port (80), after about an hour or 2 online it attepts to rescans port 80 again. Whats it looking for?

ecksor · 12-06-2001 11:59pm

Gosh, you don't suppose it's scanning for proxies?

Spoonman · 13-06-2001 3:10am

Well, I would have tought the client would have to request a proxy connection not the other way around. seems a bit exessive scanning everone who connects to irc for a proxy.

dogs · 13-06-2001 3:18am

It's just checking to see if you're coming *from* an open proxy.
Most IRC networks check for an open SOCKS, etc proxy. It's not excessive considering the hastle/disruption they can cause when abused.

MindPhuck · 13-06-2001 11:05am

I believe that its a proxy scan from quakenet. You can check it out here -

http://www.quakenet.eu.org/openproxies.html

Spoonman · 13-06-2001 4:15pm

Thanks for the explenations guys. The problem with portsentry is it can be too sensitive, any ports I'm not using it goes ape if some other host tries to connect to me.

proxyscan2.quakenet.org

Comments