Support

Proxy Scanner

Content

Information
Fixing problems
Contact



Information about the Proxyscanner

When are we scanning?

Any client connecting to the euIRC network will be scanned for insecure connections originating from open TCP ports.If you are running a firewall, these scans may be detected as attacks against you. However, we assure you that these scans are harmless. You are free to either accept these scans and warnings associated with them as a necessity or to stop connecting to the euirc network.


What are we scanning?

Following TCP ports are checked for possible risks to euIRC:
23, 80, 1053, 1080, 1180, 1182, 1335, 1336, 1813, 1978, 2280, 2282, 3128, 3380, 3382, 3777, 4480, 5490, 6588, 6667, 7462, 7777, 7778, 8000, 8080, 8081, 8090, 8091, 9000, 9999, 10801, 12345, 12501, 12654, 14393, 15915, 16139, 18317, 18572, 20177, 21055, 22788, 24215, 24759, 25620, 29992, 41417, 41457, 43148, 44320, 48227, 54734, 65506


To correct a rather popular misunderstanding, we would like to point out that it is not sufficient for the Proxyscanner to simply find an open port to deem your host as insecure. In a simplified way, the Proxyscanner requests that your system let the scanner connect to some remote internet resource. If the system tells the scanner "OK" it is considered insecure due to the risk of abuse by a third party. These vulnerabilities could quite possibly be abused not only for attacks on every internet service and content provider but also for use in illegal activities. For your own protection, you should prevent such situations from occurring.


Where are we scanning from?

If you are using a firewall alerting you on scanning events you might want to configure the firewall to accept/ignore the ips/subnets underneath:


IP/Subnet Hoster
83.137.41.33 nemox.net
151.189.0.165 Arcor Online GmbH
212.40.5.191 VTX Datacomm AG
212.6.106.76 EWE TEL GmbH

How can I find my open proxy?

If you don't know which port is affected and which kind of proxy was found, you can use our online Proxy Check.



Fixing problems

Protect your proxy against remote exploit and use from the internet. If you happen to use one of the following proxies or your proxy is not being supported any more, please set up a firewall that blocks the corresponding ports from hostile access attempts, though allowing use of the proxy in local networking environments.


AnalogX

If you are using AnalogX, please keep this software up to date (http://www.analogx.com/contents/download/network/proxy.htm) and provide its configuration (menuitem configure) with the following pieces of information: Proxy Binding: Enter the LAN ip of your workstation. Your ip can be searched out by following these steps:

  • Start -> Run -> winipcfg for Win9x/ME systems, or
    Start -> Run -> cmd for Win2000/XP systems
  • ipconfig within the console (Win2000/XP only)

Apache

There is a bug on Apache webserver (all versions). If you see positive results for HTTP CONNECT on your webserver, you should update your webserver's configuration to block all HTTP CONNECT requests. For more information concerning this bug, please read http://bugs.php.net/bug.php?id=19113.


CacheFlow/BlueCoat

If you are using CacheFlow, again, please keep this software up to date and create a so called ACL (access control list) which will be used by the proxy and comprises of addresses and address ranges that are allowed to use the latter. To do so please create a configuration file and enter the following block:
define acl myusers
nnn.nnn.nnn.nnn/bb
end acl myusers
ALL acl=!myusers service=no cache=no

nnn.nnn.nnn.nnn equals your Internet Address (IP), bb equals the number of bits which do not change in your IP, 192.168.0.0/24 would equal 192.168.0.0-192.168.0.255

Upload this file to an arbitrary http webserver and make sure, your proxy is able to access this file. Next go to the proxy's administration page and enter the location/URL of the initially created configuration file under Maintenance -> Filters -> Local File. Finally press the Install button to keep these settings.


Squid

If you are using squid, keep this software up to date (www.squid-cache.org) and make sure that your ACL (access control list) is configured properly, enabling proxy access only by the ips allowed. For more information about using and configuring your ACL and/or squid, please visit:
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.2


WinGate

Please do only use WinGate version 2.1 or higher, update your version if it is prior to these (see http://www.deerfield.com/support/wingate/kb/index.htm?a=1314. Subsequently check your security settings again if necessary. For more information about using und securing WinGate against abusive use, please visit:
http://www.deerfield.com/support/wingate/kb/index.htm?a=1146


Other Proxies

Here are some resources for information about using other proxies not listed above:

Microsoft Proxy Server
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnproxy/html/msdn_proxycase.asp

Sygate Server
http://www.sygate.com/

WinProxy
http://www.winproxy.com/

WinRoute
http://www.kerio.com/


NetBus, Mindjail

Please utilize a virus scanner for discovering/removing any kind of computer virus and/or worm that might be harmful to your system.



Contact

If you have any questions or problems feel free to send an e-mail to scanner@euirc.net.

Voting

There is no voting at the moment.

Voting archive