North American Network Operators Group


Re: Port 1080 probes from AOL

  • From: Suresh Ramasubramanian
  • Date: Fri Jun 01 00:02:16 2007


On 5/31/07, [email protected] <[email protected]> wrote:


One of my virtual web host servers has been getting multiple probes to
TCP port 1080 (socks) every day for months from AOL IP addresses.

Is AOL known to be doing something relatively innocuous on that port?  I
ask because I have portsentry null routing IP addresses that make probes
like this.


If they're [SOME HEX].ipt.aol.com rDNS'd IPs - those are AOL dialups, so probably compromised / virus-infected nodes.
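
An added example, not part of the original message: one way to check whether the sources of port 1080 probes match the dial-up rDNS pattern named in the reply. It assumes portsentry-style syslog lines that include the resolved hostname; the log format, sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumed portsentry-style syslog format (an assumption, not taken from the thread).
PROBE_RE = re.compile(
    r"attackalert: .* from host: (?P<name>\S+)/(?P<ip>[\d.]+) to TCP port: (?P<port>\d+)"
)
# The pattern given in the reply: [SOME HEX].ipt.aol.com
DIALUP_RE = re.compile(r"^[0-9a-f]+\.ipt\.aol\.com\.?$", re.IGNORECASE)

# Constructed log lines: IPs are RFC 5737 documentation addresses and the
# hostnames are made-up values shaped like the pattern in the reply.
SAMPLE_LOG = """\
Jun  1 00:01:10 web1 portsentry[411]: attackalert: Connect from host: ac1f0a2b.ipt.aol.com/192.0.2.10 to TCP port: 1080
Jun  1 00:01:12 web1 portsentry[411]: attackalert: Connect from host: ac1f0a2b.ipt.aol.com/192.0.2.10 to TCP port: 1080
Jun  1 00:05:40 web1 portsentry[411]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 1080
Jun  1 00:09:02 web1 portsentry[411]: attackalert: Connect from host: proxy.example.net/203.0.113.5 to TCP port: 1080
Jun  1 00:09:30 web1 portsentry[411]: attackalert: Connect from host: 0a0b0c0d.ipt.aol.com/192.0.2.44 to TCP port: 23
"""

def classify(name, ip):
    """Label a probe source by the hostname logged next to its IP."""
    if name == ip:                 # no PTR record: the IP is logged as the name
        return "no-rdns"
    if DIALUP_RE.match(name):      # looks like an AOL dial-up pool hostname
        return "aol-dialup"
    return "other"

def summarize_probes(log_text, port=1080):
    """Return {ip: (probe_count, label)} for probes to the given TCP port."""
    counts, labels = Counter(), {}
    for line in log_text.splitlines():
        m = PROBE_RE.search(line)
        if not m or int(m["port"]) != port:
            continue
        counts[m["ip"]] += 1
        labels[m["ip"]] = classify(m["name"], m["ip"])
    return {ip: (n, labels[ip]) for ip, n in counts.items()}

if __name__ == "__main__":
    for ip, (n, label) in sorted(summarize_probes(SAMPLE_LOG).items()):
        print(f"{ip:15} probes={n} source={label}")
```

The logged hostname is an unverified PTR lookup, so confirm it with a forward lookup before relying on the label. Dial-up addresses are reassigned between sessions, so a null route for one of them outlives the host that triggered it.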