CL> Date: Tue, 10 Feb 2004 13:43:41 -0500 CL> From: Chuck Lewis
CL> Thanks. And I agree (about the upstream reporting) :-) That's definitely the correct thing. Many clueful bandwidth providers put a fair amount of effort into security. I also WOULD NOT run automated reactionary IP blocking unless you _really_ understand what you're doing. They're a great way to shoot yourself in the foot, and frequently accomplish nothing positive. CL> But what does: CL> CL> " It seems somebody in our network have SOCKS proxy CL> configured with your host" CL> CL> mean to you ? Is this just a diversion or what ? SOCKS proxies often are not properly secured. Perhaps the network had an erroneous proxy configuration, or perhaps they were scanning maliciously. Maybe a machine had been infected and was trojaned. Your effort is best put into maintaining your system(s). We receive thousands of suspicious packets each day. It just isn't worth chasing down 99.99% of them. PayPal/bank/ID phishing is another matter... Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : [EMAIL PROTECTED] -or- [EMAIL PROTECTED] -or- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
