ok, this is interesting. another packet from ircu.krypt.com. the host at that address has just about all of its ports open. i haven't seen that before. is this some sort of lure?
*edit*
not a lure - i think it's an open proxy. all those open ports are so that other hosts can use it as a proxy for whatever service they want. i can't find any resource that actually confirms this (and i think that having all ports open doesn't necessarily mean it's an open proxy), but i think that's what it is.
always something new to learn...
trustedsource.org shows that host as having a history of questionable activity, as does siteadvisor.org. Googling the IP/hostname shows tons of unsavory activity. You can determine this without scanning the IP/hostname (which is probably illegal anyways and if it isn't illegal, you're still more than likely violating AUP...your ISP can shut you down for such scans, so be careful).
ReplyDelete