Firewall Wizards mailing list archives
RE: patternmatch for scan
From: "Zimmermann, Rolf" <rolfzimmermann () kpmg com>
Date: Tue, 22 Feb 2000 18:56:13 +0100
Port 3128 is the default for squid (proxy). To find a (squid) proxy on port 8080 is highly probable too. So this looks like someone scanning for a squid proxy. As far as I know, there is a vulnerability within squid. Something like "malicous user can gain access". Just take a look a www.securityfocus.com ;-) - Rolf -----Original Message----- From: Kenneth_W_Fox () sbphrd com [mailto:Kenneth_W_Fox () sbphrd com] Sent: Saturday, February 19, 2000 2:56 PM To: firewall-wizards () nfr net Subject: patternmatch for scan Is anyone familiar with an attack or probe which begins or ends with scanning only ports 3128 & 8080 on a target box? I've been seeing alot of this lately in various places. Ken
Current thread:
- RE: patternmatch for scan Daniel Brady (Feb 23)
- <Possible follow-ups>
- RE: patternmatch for scan Zimmermann, Rolf (Feb 23)
- Re: patternmatch for scan Robert Graham (Feb 23)
- Re: patternmatch for scan Anthony DeBoer (Feb 23)
- RE: patternmatch for scan Martin Machacek (Feb 23)
- Re: patternmatch for scan Rick Ballard (Feb 23)
- Re: patternmatch for scan Cliff Rayman (Feb 24)
- Re: patternmatch for scan Chuck Swiger (Feb 24)
- Re: patternmatch for scan Neil Ratzlaff (Feb 24)
- Re: patternmatch for scan Laurent LEVIER (Feb 24)