North American Network Operators Group
Re: Port 1080 probes from AOL
- From: Suresh Ramasubramanian
- Date: Fri Jun 01 00:02:16 2007
On 5/31/07, up@3.am <up@3.am> wrote:
> One of my virtual web host servers has been getting multiple probes to
> TCP port 1080 (socks) every day for months from AOL IP addresses.
>
> Is AOL known to be doing something relatively innocuous on that port? I
> ask because I have portsentry null routing IP addresses that make probes
> like this.
If they're [SOME HEX].ipt.aol.com rDNS'd IPs - those are AOL dialups,
so probably compromised / virus infected nodes