[Nlnog] Cyberangels?

On Thu, Apr 24, 2003 at 09:28:19AM +0200, Sabri Berisha wrote: Hi,

Is er iemand op deze lijst die hier meer van weet? Filtert iemand ze al?

Ter FYI: ik heb vandaag es zitten monitoren wat er heen en weer gaat aan traffic: tcpdump: listening on eth2 12:57:18.129334 213.136.0.33 > 217.21.112.1: icmp: echo request 12:57:18.132196 217.21.112.1 > 213.136.0.33: icmp: echo reply 14:33:00.323067 213.136.12.52.36147 > 217.21.112.2.53: 13572[|domain] 14:33:00.325041 217.21.112.2.53 > 213.136.12.52.36147: 13572 NXDomain*[|domain] (DF) 14:55:19.949765 217.21.114.70.0 > 213.136.23.169.3128: S 9240:9240(0) win 512 (DF) 14:55:19.969837 217.21.114.70.0 > 213.136.3.140.3128: S 9265:9265(0) win 512 (DF) 14:55:19.969975 217.21.114.70.0 > 213.136.3.130.3128: S 9263:9263(0) win 512 (DF) 14:55:20.009411 217.21.114.70.0 > 213.136.3.216.3128: S 9300:9300(0) win 512 (DF) 14:55:20.009876 213.136.3.130.3128 > 217.21.114.70.0: R 0:0(0) ack 9264 win 0 14:55:20.029460 217.21.114.70.0 > 213.136.3.4.3128: S 9291:9291(0) win 512 (DF) 14:55:20.029766 217.21.114.70.0 > 213.136.3.61.3128: S 9266:9266(0) win 512 (DF)14:55:20.064095 213.136.3.216.3128 > 217.21.114.70.0: R 0:0(0) ack 9301 win 0 14:55:20.089912 217.21.114.70.0 > 213.136.3.9.3128: S 9307:9307(0) win 512 (DF) 14:55:20.099920 213.136.3.4.3128 > 217.21.114.70.0: R 9291:9291(0) ack 9292 win 512 (DF) 14:55:20.117217 213.136.3.9.3128 > 217.21.114.70.0: S 432233594:432233594(0) ack 9308 win 8760 <mss 1460> (DF) 14:55:20.119815 217.21.114.70.0 > 213.136.3.9.3128: R 9308:9308(0) win 0 14:55:20.124121 213.136.3.140.3128 > 217.21.114.70.0: R 0:0(0) ack 9266 win 0 14:55:21.002361 213.136.3.61.3128 > 217.21.114.70.0: S 740035615:740035615(0) ack 9267 win 8576 <mss 1460> (DF) 14:55:21.004946 217.21.114.70.0 > 213.136.3.61.3128: R 9267:9267(0) win 0 15:11:27.643169 213.136.12.52.40787 > 217.21.112.2.53: 57752[|domain] 15:11:27.645462 217.21.112.2.53 > 213.136.12.52.40787: 57752 NXDomain* 0/1/0 (109) (DF) 15:11:33.038605 213.136.12.52.54082 > 217.21.112.3.53: 58010[|domain] 15:11:33.040617 217.21.112.3.53 > 213.136.12.52.54082: 58010*[|domain] (DF) 15:12:04.731218 217.21.114.70.0 > 213.136.23.169.80: S 25510:25510(0) win 512 (DF) 15:12:04.731528 217.21.114.70.0 > 213.136.3.130.80: S 25494:25494(0) win 512 (DF) 15:12:04.771182 217.21.114.70.0 > 213.136.3.140.80: S 25551:25551(0) win 512 (DF) 15:12:04.792398 217.21.114.70.0 > 213.136.3.228.80: S 25439:25439(0) win 512 (DF) 15:12:04.811510 217.21.114.70.0 > 213.136.3.61.80: S 25495:25495(0) win 512 (DF)15:12:04.811511 217.21.114.70.0 > 213.136.3.4.80: S 25511:25511(0) win 512 (DF) 15:12:04.831662 217.21.114.70.0 > 213.136.3.9.80: S 25465:25465(0) win 512 (DF) 15:12:04.832764 217.21.114.70.0 > 213.136.3.216.80: S 25515:25515(0) win 512 (DF) 15:12:04.835750 213.136.3.228.80 > 217.21.114.70.0: R 0:0(0) ack 25440 win 0 15:12:04.848318 213.136.3.61.80 > 217.21.114.70.0: R 0:0(0) ack 25496 win 0 15:12:04.855898 213.136.3.4.80 > 217.21.114.70.0: R 0:0(0) ack 25512 win 0 15:12:04.944980 213.136.3.140.80 > 217.21.114.70.0: R 0:0(0) ack 25552 win 0 15:12:04.973020 213.136.3.216.80 > 217.21.114.70.0: R 0:0(0) ack 25516 win 0 15:32:11.464848 217.21.114.70.0 > 213.136.23.169.8080: S 41768:41768(0) win 512 (DF) 15:32:11.484729 217.21.114.70.0 > 213.136.3.216.8080: S 41711:41711(0) win 512 (DF) 15:32:11.485378 217.21.114.70.0 > 213.136.3.4.8080: S 41695:41695(0) win 512 (DF) 15:32:11.524320 217.21.114.70.0 > 213.136.3.9.8080: S 41769:41769(0) win 512 (DF) 15:32:11.524323 217.21.114.70.0 > 213.136.3.61.8080: S 41746:41746(0) win 512 (DF) 15:32:11.536248 213.136.3.4.8080 > 217.21.114.70.0: R 41695:41695(0) ack 41696 win 512 (DF) 15:32:11.563426 213.136.3.61.8080 > 217.21.114.70.0: R 0:0(0) ack 41747 win 0 15:32:11.606648 213.136.3.216.8080 > 217.21.114.70.0: R 0:0(0) ack 41712 win 0 213.136.3.0/24 is een inbelrange van ons. Kennelijk zijn ze op zoek naar open proxies. Het source ip resolvet: office-005.client.cyberangels.nl. Ik heb ze ondertussen in de filters. -- Sabri Berisha "I route, therefore you are" Per user RBL checking: http://www.cluecentral.net/rblcheck/