
Proxy scanning??

N/A

Proxy scanning??

I found out today that a mate who was using my wireless at home on his laptop was trying to break into his own website using my connection!!

This dropped out my connection several times, something he calls proxy scanning??

1) He wants to know if Plusnet block proxy scanning (he said that disconnected my router a few times)

2) more importantly.... I want to know if he's doing something illegal from my IP address (it is his own site, but isn't that still hacking??)

He says it's not illegal to search them, but I'm not so sure...

Any info would be helpful


Thanks

Alex
19 REPLIES
NigelWood
Grafter
Posts: 76
Registered: 15-08-2007

Proxy scanning??

Quote
I found out today that a mate who was using my wireless at home on his laptop was trying to break into his own website using my connection!!

This dropped out my connection several times, something he calls proxy scanning??

Searching networks for computers with exploitable services, in his case proxies. Open Proxies
Quote

1) He wants to know if Plusnet block proxy scanning (he said that disconnected my router a few times)

Yes, we block access to some commonly abused/exploited ports. If he cycled through lots of ports on his own computers rapidly it's possible he could swamp or adversely affect your network but it's more likely if he was scanning a larger group of other people's computers.

Quote

2) more importantly.... I want to know if he's doing something illegal from my IP address (it is his own site, but isn't that still hacking??) He says it's not illegal to search them, but I'm not so sure...

Scanning your own network-facing equipment is legal and advisable. The legality of unsolicited scans is dubious and a matter for lawyers as intent is important. Using a proxy or other open service found by unsolicited scanning is definitely illegal in the UK.

It's largely irrelevant however. Port/Vulnerability scanning of anything but your own machines is forbidden by our abuse policy. Breaking this policy can result in us suspending/canceling your account.
Reporting Abuse


Was your friend polite enough to ask your permission before indulging in this behavior through your equipment? I assume you have encryption enabled on your wireless connection?
N/A

hmm reminds me of the time

you naughty boy.

Reminds me of the time I was running one of the eEye vuln checking tools against some dev DCOM gateways; I forgot to put the correct range/mask in for the 32 IPs I wanted to scan.


In fact I had set it to scan the whole 19.*.*.* range, got into work the following Monday to some funny looks.

The scanner still running.

When this particular program scans a machine it reports/sends a Windows Messenger message to the console saying this machine has been scanned by "sourcename:sourceuser etc etc".


I had plenty of very angry sysadmins rollocking me..

Though my audit did find around 200 insecure NT4 boxes and the like, so it wasn't all in vain.

It very nearly cost me my job. I mean who the hell would use a Class A network internally.
N/A

Proxy scanning??

Thanks guys for the info...

My 'mate' only mentioned that he wanted to test his site remotely.... I expect he thought asking me about hacking his own site would have stirred suspicions in my head... but at least I know not to let him mess around with it now... knowing him, it probably wasn't legit, hence why I've asked this lol

Yes I have WPA set up, I guess I'll need to change my key in case he can access it outside my house!! Not that he's like that, he laughed about it all, but that's just him...

Cheers guys
blowdart
Grafter
Posts: 93
Registered: 04-08-2007

Re: hmm reminds me of the time

Quote

It very nearly cost me my job. I mean who the hell would use a Class A network internally.


Microsoft and IBM for starters.

I also know a certain governmental setup has it as well.
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Proxy scanning??

OK, if its confession time, I managed to perform an unwitting denial of service attack on my own router, when scanning my web server for venerability’s.


Chilly
blowdart
Grafter
Posts: 93
Registered: 04-08-2007

Proxy scanning??

Quote

Yes, we block access to some commonly abused/exploited ports. If he cycled through lots of ports on his own computers rapidly it's possible he could swamp or adversely affect your network but it's more likely if he was scanning a larger group of other people's computers.


Hold on here. You're port blocking? Where is this documented, what ports, what protocols and in what direction/where on your network?
shellsong
Grafter
Posts: 2,191
Registered: 03-08-2007

Proxy scanning??

Quote
OK, if its confession time, I managed to perform an unwitting denial of service attack on my own router, when scanning my web server for venerability’s.


OK-- how old was it? :lol:
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Proxy scanning??

Quote

Hold on here. You're port blocking? Where is this documented, what ports, what protocols and in what direction/where on your network?


Easy, it's only the common vulnerability ports that are blocked.

Quote
Hi,

The ports currently blocked are listed below, with a brief explanation of the associated risk:-

135 - MSblast/Nachi RPC Exploit Attack
TCP/UDP Port 137 - Used by W32.Opaserv Worm, scans for available open shares **
TCP/UDP Port 139 - Open share connection attempts for file shares on Win 9x, ME & NT **
TCP Port 445 - Sasser/Agobot/GenericBot/Open share connection attempts for file shares on Win 2K, XP & Win 2K3
UDP Ports 1026-1029 - Used by messenger spam **
TCP Ports 1023-1028 - Used by messenger spam/Lsass Vulnerability/NetSpy **
TCP Port 1434 - SQL Slammer
TCP Port 12345 - Netbus Trojan **

** Broadband Plus/Homesurf accounts only

From this thread:
http://portal.plus.net/central/forums/viewtopic.php?t=34746


Chilly

OK Penguins can not spell
blowdart
Grafter
Posts: 93
Registered: 04-08-2007

Proxy scanning??

So it's documented in a bulletin board post? Is that it? Why isn't it made clear at signup that some ports will be blocked? Why isn't it in the help system anywhere?

Luckily for me it's only on Broadband Plus/Homesurf accounts.
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Proxy scanning??

It may be documented elsewhere; it is just that I searched on the forums for an answer.

I have to ask which of those ports are you using?

As they are not normally used outside of a secure LAN.

Chilly
blowdart
Grafter
Posts: 93
Registered: 04-08-2007

Proxy scanning??

Quote

As they are not normally used outside of a secure LAN.


1434 in and out to certain limited IP ranges. It does actually have a proper use for enumerating SQL instances.

This does make me wonder what happens on throttling, because when replicating databases the speed sucks quite a lot of the time.
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Proxy scanning??

I will raise the point about there not being a list of blocked ports, anywhere in the help pages, over on the PlusNet User group.

My understanding is that this list is also different for Business accounts.

Chilly
blowdart
Grafter
Posts: 93
Registered: 04-08-2007

Proxy scanning??

Quote

My understanding is that this list is also different for Business accounts.


Frankly I would hope there is no list at all for business accounts, and that home accounts may have the option to turn port blocking off, but I doubt that the network setup is that flexible.

Perhaps someone wearing a support hat could tell me what port blocking my account is liable to encounter?
N/A

Proxy scanning??

Hey guys, thanks for all your help...

I've had a word with my 'mate'...it seems I got confused... and it turns out that he wasn't port scanning, but searching for proxies on the internet with a program....

He seemed quite legit and serious when he actually told me that yes port scanning is illegal in the UK, but scanning for proxies isn't illegal. He then showed me some sites which freely give out these proxies....

He said he needed proxies to try to 'Brute Force' his site..., says that's how hackers would get into his site... it has some sort of login page which is different from a pop up password box...

Is scanning for proxies illegal?? I have a mate in Cisco networking who says it's not illegal to scan for them, but I'm not sure what Plusnet's policy is.... he did agree that port scanning is very much illegal... if it is legal then I don't mind my mate doing this, but if it is illegal then I don't want him to use my network...


Thanks guys...