31 May
2007
31 May
'07
11:58 p.m.
On 5/31/07, up@3.am <up@3.am> wrote:
One of my virtual web host servers have been getting multiple probes to TCP port 1080 (socks) every day for months from AOL IP addresses.
Is AOL known to be doing something relatively innocuous on that port? I ask because I have portsentry null routing IP addresses that make probes like this.
If they're [SOME HEX].ipt.aol.com rDNS'd IPs - those are AOL dialups, so probably compromised / virus infected nodes