[Snort-users] SMTP scans

Dr SuSE drsuse at ...748...
Thu Nov 30 01:20:07 EST 2000


Hmm, the page claims that it can not be used to scan third parties
You dont have to email them.  There is a link at
www.cablemodemhelp.com/portscan.htm where you can block your ip from being
scanned.  I blocked myself then tried to use their scanner and it reported
back that my IP is blocked and it wont scan my host.
Too bad it will only block the IP of the machine your visting the page
from.  Would be better if you can enter in a range.

I dont know why anyone would want to waste their time building a web based
port scanner.  Think about it, if you dont have the skills to install one
of many port scanners freely available then you probably dont have the
skills to secure your machine bases on the port scan info you get from
sites like this.

 Dr SuSE

"Microsoft ist nicht installiert"

On Thu, 30 Nov 2000, Marcus Nelson wrote:

> I've been getting hit with a lot of SMTP scans from 206.34.203.20.  I have
> about 306 hits form 21:28 on 11/28 to 08:39 11/30.
> 
> [**] SMTP Attempt [**]
> 11/28-21:28:52.921232 206.34.203.20:3486-> 24.xxx.xxx.25:25
> TCP TTL:48 TOS:0x0 ID:33430 DF
> ******S* Seq: 0x39E16824 Ack: 0x0 Win: 0x7D78
> TCP Options => MSS: 1460 SackOK TS: 2896151777 0 NOP WS: 0
> 
> There is a web site called http://portscan.cablemodemhelp.com.  The page
> claims that it only scans sites that have connected to the page.  The system
> that is getting hit is ONLY an IDS box and does not even have a browser
> installed.
> 
> The page also claims that you can be 'removed' from the scan list if you
> email them.  Sounds fishy to me.....
> 
> Thanks,
> 
> Marc Nelson
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
> 




More information about the Snort-users mailing list