Information about the Proxyscanner
When are we scanning?
Any client connecting to the euIRC network will be scanned for insecure connections originating from open TCP ports.If you are running a firewall, these scans may be detected as attacks against you. However, we assure you that these scans are harmless. You are free to either accept these scans and warnings associated with them as a necessity or to stop connecting to the euirc network.
What are we scanning?
Following TCP ports are checked for possible risks to euIRC:
23, 80, 1053, 1080, 1180, 1182, 1335, 1336, 1813, 1978, 2280, 2282, 3128, 3380, 3382, 3777, 4480, 5490, 6588, 6667, 7462, 7777, 7778, 8000, 8080, 8081, 8090, 8091, 9000, 9999, 10801, 12345, 12501, 12654, 14393, 15915, 16139, 18317, 18572, 20177, 21055, 22788, 24215, 24759, 25620, 29992, 41417, 41457, 43148, 44320, 48227, 54734, 65506
To correct a rather popular misunderstanding, we would like to point out that it is not sufficient for the Proxyscanner to simply find an open port to deem your host as insecure. In a simplified way, the Proxyscanner requests that your system let the scanner connect to some remote internet resource. If the system tells the scanner "OK" it is considered insecure due to the risk of abuse by a third party. These vulnerabilities could quite possibly be abused not only for attacks on every internet service and content provider but also for use in illegal activities. For your own protection, you should prevent such situations from occurring.
Where are we scanning from?
If you are using a firewall alerting you on scanning events you might want to configure the firewall to accept/ignore the ips/subnets underneath:
|18.104.22.168||Arcor Online GmbH|
|22.214.171.124||VTX Datacomm AG|
|126.96.36.199||EWE TEL GmbH|
How can I find my open proxy?
If you don't know which port is affected and which kind of proxy was found, you can use our online Proxy Check.
Protect your proxy against remote exploit and use from the internet. If you happen to use one of the following proxies or your proxy is not being supported any more, please set up a firewall that blocks the corresponding ports from hostile access attempts, though allowing use of the proxy in local networking environments.
If you are using AnalogX, please keep this software up to date (http://www.analogx.com/contents/download/network/proxy.htm) and provide its configuration (menuitem configure) with the following pieces of information: Proxy Binding: Enter the LAN ip of your workstation. Your ip can be searched out by following these steps:
- Start -> Run ->
winipcfgfor Win9x/ME systems, or
Start -> Run ->
cmdfor Win2000/XP systems
ipconfigwithin the console (Win2000/XP only)
There is a bug on Apache webserver (all versions). If you see positive results for HTTP CONNECT on your webserver, you should update your webserver's configuration to block all HTTP CONNECT requests. For more information concerning this bug, please read http://bugs.php.net/bug.php?id=19113.
If you are using CacheFlow, again, please keep this software up to date and create a so called ACL (access control list) which will be used by the proxy and comprises of addresses and address ranges that are allowed to use the latter. To do so please create a configuration file and enter the following block:
define acl myusers
end acl myusers
ALL acl=!myusers service=no cache=no
nnn.nnn.nnn.nnn equals your Internet Address (IP),
bb equals the number of bits which do not change in your IP, 192.168.0.0/24 would equal 192.168.0.0-192.168.0.255
Upload this file to an arbitrary http webserver and make sure, your proxy is able to access this file. Next go to the proxy's administration page and enter the location/URL of the initially created configuration file under Maintenance -> Filters -> Local File. Finally press the Install button to keep these settings.
If you are using squid, keep this software up to date (www.squid-cache.org) and make sure that your ACL (access control list) is configured properly, enabling proxy access only by the ips allowed. For more information about using and configuring your ACL and/or squid, please visit:
Please do only use WinGate version 2.1 or higher, update your version if it is prior to these (see http://www.deerfield.com/support/wingate/kb/index.htm?a=1314. Subsequently check your security settings again if necessary. For more information about using und securing WinGate against abusive use, please visit:
Here are some resources for information about using other proxies not listed above:
Microsoft Proxy Server
Please utilize a virus scanner for discovering/removing any kind of computer virus and/or worm that might be harmful to your system.
If you have any questions or problems feel free to send an e-mail to firstname.lastname@example.org.