[Full-disclosure] Open proxy scanner experience

[James Lay]

So yesterday a network that I do work for had it¹s mail server scanned.  I
reported the scan (snort reported nmap ­F scan) to the offending netblock
owner, thinking that they had a compromised machine.  I was surprised to
receive an email this morning stating ³Oh that¹s just our open proxy
scanner².  Now....I¹ve dealt with some open proxy scanners and seeing the
activity before, but GOOD GANDHI...they scanned the ENTIRE port range of the
machine..it took almost 3 hours from start to finish.  Has anyone else seen
such aggressive ³open proxy² scanning like that?

James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080410/55388533/attachment.html