Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Advertising in your router log

Anonymous Coward writes | more than 6 years ago

Security 0

An anonymous reader writes "If you regularly check your router log you may see port scanning attempts from unknown sources. Here's one where a company appears to be advertising their hacking at your firewall. It's the first time I've seen anything like this and am wondering if it's a new business model borrowed from malware authors that exploit an opportunity, then ask for ransom (payment for a removal tool) to get rid of what they gave you. Below is just a small portion of what they did to my log, boldly telling me what they do for a living. 04/06/2008 00:52:02.272 — Sub Seven attack dropped — 204.238.82.4, 50494, WAN, www.securitymetrics.com — 70.89.120.xx, 27374, WAN — 04/06/2008 00:52:34.944 — Back Orifice attack dropped — 204.238.82.4, 49060, WAN, www.securitymetrics.com — 70.89.120.xx, 31337, WAN — 04/06/2008 00:53:21.848 — Ripper attack dropped — 204.238.82.4, 53108, WAN, www.securitymetrics.com — 70.89.120.xx, 2023, WAN — 04/06/2008 01:40:22.480 — Smurf Amplification attack dropped — 204.238.82.4, 8, WAN, www.securitymetrics.com — 70.89.120.xx, 8, WAN — 04/06/2008 01:41:29.800 — Smurf Amplification attack dropped — 204.238.82.4, 8, WAN, www.securitymetrics.com — 70.89.120.xx, 8, WAN — 04/06/2008 01:41:38.576 — Possible port scan dropped — 204.238.82.4, 50059, WAN, www.securitymetrics.com — 70.89.120.xx, 15, WAN — TCP scanned port list, 20031, 5269, 1718, 902, 1718 I contacted the support/abuse contact listed for that IP address and got this reply: — Can you confirm if you have an account with us? If so what is the email address the account is registered under, or what is the IP / Domain that we are testing? Our scan includes a port scan to see what service's are open, then it checks for various known vulnerabilities. So it is not just a port scan but a complete vulnerability scan. Please let us know if you have any additional questions. Scott SecurityMetrics Support 801-705-5700 US support 0207.993.8031 UK support Support@securitymetrics.com While I did ask Scott WTF his company was doing advertising in my log, I doubt my outrage at this ethical lapse on their part will have any effect on their methods. What do you guys think?"

cancel ×

0 comments

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>