Security Incidents mailing list archives
Re: Exploit on tcp/4128?
From: "Doug Rutherford" <druther () yukoncollege yk ca>
Date: Mon, 14 Feb 2005 15:52:04 -0800
David Gillett wrote:
3128 is a commonly-scanned proxy port. Maybe it's a typo?
3128 is actually the port used for Squid. The Reverse WWW Tunnel (tcp) and Ring Door (tcp and udp) trojans also use this port.
There is a note on the ISC web site (http://isc.sans.org//port_details.php?port=3128&repax=1&tarax=2&srcax=2&percent=N&days=40) that suggests that the MyDoom worm may also use this port if 3127 (its default) is in use for something else.
Hope this is of some help... -- Doug Rutherford Professional Studies Division Yukon College, PO Box 2799, Whitehorse, YT, Y1A 5K4
Current thread:
- Exploit on tcp/4128? Lawrence Baldwin (Feb 14)
- RE: Exploit on tcp/4128? David Gillett (Feb 14)
- RE: Exploit on tcp/4128? Jeff Mickey (Feb 14)
- Re: Exploit on tcp/4128? Doug Rutherford (Feb 15)
- Re: Exploit on tcp/4128? James Eaton-Lee (Feb 14)
- <Possible follow-ups>
- RE: Exploit on tcp/4128? Butterworth, Jim (Feb 14)
- RE: Exploit on tcp/4128? Lawrence Baldwin (Feb 14)
- Re: Exploit on tcp/4128? H Carvey (Feb 15)
- RE: Exploit on tcp/4128? Mueller, Lance (Feb 15)
- RE: Exploit on tcp/4128? David Gillett (Feb 14)