On Wed, 10 Jul 2013 17:04:12 +0200 Logforme m7527@abc.se allegedly wrote:
I assume the ISP did a port scan. Do you have port 9050 open in your firewall?
Unlikely. I think it would be very unusual for an ISP in any country to portscan anyone without prior authority (such as would appear in a contract). Such action is illegal in may jurisdictions. And in any case, Steve has already said that his socks port is bound only to localhost (127.0.0.1). The report from CERT-FI must simply record the fact that they have seen (or had reported) apparent open proxy relaying from Steve's IP address with source port 9050. Without a lot more detail about configuration, and the exact details of the reporting from CERT-FI it is difficult to make any assumptions.
If I were Steve, I would contact CERT-FI directly for more information. They are likely to be very helpful.
Mick
On 2013-07-10 15:57, Steve Snyder wrote:
My ISP recently sent to me a CERT-FI auto-report on malware-infected servers in my ISP's address space. I was send this report because my IP address was among those flagged. My entry looks like this:
---------------------------------------------------------------------
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------