port scan findings

[Atticus|1]

The last couple of days i have been getting port scanned by a computer that is damn near the same IP as mine. Definitly has the same ISP as me. The port scans are no big deal but this is happening to me 5 times a day. The scan usually looks like they are looking for open proxies.
port - 8080,80,81,3128...etc.

I was bored and decided to port scan the machine and this is what i came up with:


*Port - 113 authentication service
5904,113: userid: unix: zteo......

*Port - 770 ?
220 - bot server (win32)

*Port - 1025 network blackjack

*Port - 1048 sun`s NEO object request broker
220 - welcome to bot ftp service

*5000 ?

*Port - 8190
220 - bot server (win32)

*Port - 12818

*Port - 13491

*Port - 17545
220 bot server (win32)

*Port - 20009

*Port - 20782

Now for kicks i telneted into 1048 sun`s NEO object request broker,entered a password that was there in black and white and looked around.

When i exited telnet it said thanks for stopping by enjoy your infection? What does this mean? I know I`m not infected i just wonder what the hell is going on with this machine?

I figure the box has a trojan or 4 on it and i`m getting port scanned from someone using this box as a zombie. I guess i`m just curious here.

I didn`t want to post the IP here,because i`m sure the owner of the box has no idea they are owned.

Thanks

[SirDice]

Originally posted here by Atticus|1
I figure the box has a trojan or 4 on it and i`m getting port scanned from someone using this box as a zombie.

Sounds like you don't need our help as you've already figured it out
It looks indeed like a trojaned pc. Send your logs to the abuse address of your ISP and have them contact the offending user. That should be enough to make it stop.

[Atticus|1]

ok... I guess the ( "enjoy your infection " ) When exiting telnet got me wondering.

Thanks for the reply

[MrLinus]

"Enjoy your infection" probably meant enjoy playing around with the person you infected rather than it being an indication that you were infected.