Re: [tlug] Strange httpd and TCP/135 logs...

[Godwin Stewart <gstewart@example.com>]

And Thus Spake Bruno Raoult <br@example.com> (on Thu, 28 Aug 2003 21:33:57
+0900):

> 219.139.36.113

Chinanet.cn.net - Probably phishing for HTTP proxies on port 80 in order to
relay spam.

> 202.205.169.35

Different network in China, most likely the same reason. This network
belongs to the Educational Technology Office of State Education Commission
so I suspect that it is itself an open proxy being abused by a spammer
adding a layer of anonymity to its actions.

> 68.155.196.72

bellsouth.net - they're not particularly well known for this kind of thing.

> 24.175.241.135

RoadRunner cable. Don't know what they're up to.

> At the same moment, my router filter logs show a huge number of requests
> on all my IP addresses on both ports 80 & 135.

TCP port 135 or UDP port 135? If the latter then it's someone with the
blaster worm trying to infect you.

-- 
G. Stewart   --   gstewart@example.com -- gstewart@example.com
Registered Linux user #284683 (Slackware 9.0)
---------------------------------------------------------------
Shin, n. :  a device for finding furniture in the dark.

Attachment: pgp00068.pgp
Description: PGP signature