[97088] in North American Network Operators' Group
Re: Port 1080 probes from AOL
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Thu May 31 23:59:21 2007
Date: Fri, 1 Jun 2007 09:28:26 +0530
From: "Suresh Ramasubramanian" <ops.lists@gmail.com>
To: "up@3.am" <up@3.am>
Cc: nanog@nanog.org
In-Reply-To: <Pine.BSF.4.44.0705310832210.90379-100000@richard2.pil.net>
Errors-To: owner-nanog@merit.edu
On 5/31/07, up@3.am <up@3.am> wrote:
>
>
> One of my virtual web host servers have been getting multiple probes to
> TCP port 1080 (socks) every day for months from AOL IP addresses.
>
> Is AOL known to be doing something relatively innocuous on that port? I
> ask because I have portsentry null routing IP addresses that make probes
> like this.
>
If they're [SOME HEX].ipt.aol.com rDNS'd IPs - those are AOL dialups,
so probably compromised / virus infected nodes
