OK.. What do they expect to find? That's just it, I
don't know! (We can speculate, right?)
But here's an interesting story (the names have been changed to protect the
guilty). I was working here late one night when AtGuard (AG) popped up and informed
me a certain DNS number was trying to UDP (TCP subnet protocol) my system on
port 2120. I started NeoTrace and ran the DNS, nothing... an unregistered mail
server perhaps. So I went to WS_Ping Pak and started tracing every which way. In
the meantime this guy or his scan program wasn't giving up, it kept going up the
Port List 2323, 2340, 2450, etc.. all told it made ten (10) attempts before I
told AG to block it permanently. It got really annoying!!
I kept running the DNS and finally I got transferred to
the web address that was using it.
WOW!! This was one big outfit!! What kinda outfit ya ask? A Telco... As a matter
of fact they are the internet arm of several major telephone companies here in
Canada. I printed all the traces, bookmarked the site and got the log report
from AG. Hey, this could be big news.. I even had my ISP provide me with their
server logs for that day, the day before and the day after.
Yep, you're right, there it was in the middle of the night, UDP requests to everyone online, which happened to be me and a tech guy, but he wasn't using a firewall. So what was it all about? Who knows!! What I do know, it wasn't some love-struck server put'n the moves on my old 300MHz AMD... (More speculation here.)
So what did I do? Nothing.. What can you say, could be some new kinda internet testing program, like the computer program your local telephone company runs every day to test the lines and detect illegal bugging equipment, oh I mean bad grounds on your telephone line. If it were to happen a second time then I'd take it personal. As it was I gave all the info to my ISP and Wired to create a record of the incident.
Another story, I'll make it short.. I do a lot of private email forwarding, and handle the email for several of my clients, so I scan everything passing through my system. Gee, what's happening here! Someone is sending one of my clients an .exe executable containing the Happy99 virus. First I send them a note telling them this file won't run on my computer. All I get in return is an auto-reply with another copy of the .exe attached, yeah, and it contains the virus too. I write root@ asking if [email protected] is a legit user. Hey, these guys got back to me in less than an hour, and yes, it was a valid address.
I FWD'd them the email, attached virus and all, and the
Norton AV, Fix-It AV and F-Prot reports, asking them to look into this. Gee, a week
goes by so I drop them a note.. nothing... Ya don't think they're more than a
little embarrassed to tell me someone hijacked their mail server and used dummy
accounts to distribute this happy little virus, huh..
So how many people do you think got their systems trashed? (Speculation goes
here)