Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security

Submission + - Advertising in your router log

An anonymous reader writes: If you regularly check your router log you may see port scanning attempts from unknown sources. Here's one where a company appears to be advertising their hacking at your firewall. It's the first time I've seen anything like this and am wondering if it's a new business model borrowed from malware authors that exploit an opportunity, then ask for ransom (payment for a removal tool) to get rid of what they gave you. Below is just a small portion of what they did to my log, boldly telling me what they do for a living. 04/06/2008 00:52:02.272 — Sub Seven attack dropped — 204.238.82.4, 50494, WAN, www.securitymetrics.com — 70.89.120.xx, 27374, WAN — 04/06/2008 00:52:34.944 — Back Orifice attack dropped — 204.238.82.4, 49060, WAN, www.securitymetrics.com — 70.89.120.xx, 31337, WAN — 04/06/2008 00:53:21.848 — Ripper attack dropped — 204.238.82.4, 53108, WAN, www.securitymetrics.com — 70.89.120.xx, 2023, WAN — 04/06/2008 01:40:22.480 — Smurf Amplification attack dropped — 204.238.82.4, 8, WAN, www.securitymetrics.com — 70.89.120.xx, 8, WAN — 04/06/2008 01:41:29.800 — Smurf Amplification attack dropped — 204.238.82.4, 8, WAN, www.securitymetrics.com — 70.89.120.xx, 8, WAN — 04/06/2008 01:41:38.576 — Possible port scan dropped — 204.238.82.4, 50059, WAN, www.securitymetrics.com — 70.89.120.xx, 15, WAN — TCP scanned port list, 20031, 5269, 1718, 902, 1718 I contacted the support/abuse contact listed for that IP address and got this reply: — Can you confirm if you have an account with us? If so what is the email address the account is registered under, or what is the IP / Domain that we are testing? Our scan includes a port scan to see what service's are open, then it checks for various known vulnerabilities. So it is not just a port scan but a complete vulnerability scan. Please let us know if you have any additional questions. Scott SecurityMetrics Support 801-705-5700 US support 0207.993.8031 UK support Support@securitymetrics.com While I did ask Scott WTF his company was doing advertising in my log, I doubt my outrage at this ethical lapse on their part will have any effect on their methods. What do you guys think?
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Advertising in your router log

Comments Filter:

The price one pays for pursuing any profession, or calling, is an intimate knowledge of its ugly side. -- James Baldwin

Working...