460K Results

The 460K Random Run has completed – faster than I anticipated – and the results are in

  • CLOSED PORTS: 441,497
  • DUPE ENTRIES: 5,532

Is that pathetic or what?  Of the new proxies most were end-user type DSL or cable systems in South America, Poland, or Spain (judging by the FQDN).

Here is the interesting part: the 431K hosts with “CLOSED” ports are live hosts.  Maybe they were proxies last week.  Maybe they’ll be proxies next week.   Maybe they are simply IP addresses that have changed hands via DHCP.

This is also the reason it ran faster than I expected.  It was programmed to bypass any testing on closed ports and just go to the next one.

I did a random sampling (nmap) of a few addresses and found – I hate to say it again – “interesting” results.  One address was 100% filtered.  The next had a single (non-proxy) port open.  One had MySQL, VNC, NetBIOS, and HTTP ports open.  That one smelled like a honeypot.

Very curious.  And someone went to a lot of trouble to compile that list.


0 Responses to “460K Results”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s



%d bloggers like this: