Firewall Wizards mailing list archives

Re: patternmatch for scan

From: "Chuck Swiger" <chuck () codefab com>
Date: Tue, 22 Feb 2000 15:23:11 -0500

On Sat, 19 Feb 2000 08:56:21 -0500, Kenneth_W_Fox () sbphrd com wrote:

Is anyone familiar with an attack or probe which begins or ends with
scanning only ports 3128 & 8080 on a target box? I've been seeing alot of
this lately in various places.


3128 is the default port used by the Squid web proxy; 8080 is another common  
port used either by a web server run by a normal user (as opposed to port  
80, which requires root) or as another common port for proxying.

-Chuck

       Chuck 'Sisyphus' Swiger | chuck () codefab com | Bad cop!  No Donut.
       ------------------------+-------------------+--------------------
       I know that you are an optimist if you think I am a pessimist....

Current thread:

RE: patternmatch for scan Daniel Brady (Feb 23)
- <Possible follow-ups>
- RE: patternmatch for scan Zimmermann, Rolf (Feb 23)
- Re: patternmatch for scan Robert Graham (Feb 23)
- Re: patternmatch for scan Anthony DeBoer (Feb 23)
- RE: patternmatch for scan Martin Machacek (Feb 23)
- Re: patternmatch for scan Rick Ballard (Feb 23)
- Re: patternmatch for scan Cliff Rayman (Feb 24)
- Re: patternmatch for scan Chuck Swiger (Feb 24)
- Re: patternmatch for scan Neil Ratzlaff (Feb 24)
- Re: patternmatch for scan Laurent LEVIER (Feb 24)