Firewall Wizards mailing list archives

RE: patternmatch for scan

From: "Zimmermann, Rolf" <rolfzimmermann () kpmg com>
Date: Tue, 22 Feb 2000 18:56:13 +0100

Port 3128 is the default for squid (proxy). To find a (squid) proxy on port
8080 is highly probable too. So this looks like someone scanning for a squid
proxy. 
As far as I know, there is a vulnerability within squid. Something like
"malicous user can gain access". Just take a look a www.securityfocus.com
;-)

- Rolf

-----Original Message-----
From: Kenneth_W_Fox () sbphrd com [mailto:Kenneth_W_Fox () sbphrd com]
Sent: Saturday, February 19, 2000 2:56 PM
To: firewall-wizards () nfr net
Subject: patternmatch for scan


Is anyone familiar with an attack or probe which begins or ends with
scanning
only ports 3128 & 8080 on a target box? I've been seeing alot of this lately
in
various places.

Ken

Current thread:

RE: patternmatch for scan Daniel Brady (Feb 23)
- <Possible follow-ups>
- RE: patternmatch for scan Zimmermann, Rolf (Feb 23)
- Re: patternmatch for scan Robert Graham (Feb 23)
- Re: patternmatch for scan Anthony DeBoer (Feb 23)
- RE: patternmatch for scan Martin Machacek (Feb 23)
- Re: patternmatch for scan Rick Ballard (Feb 23)
- Re: patternmatch for scan Cliff Rayman (Feb 24)
- Re: patternmatch for scan Chuck Swiger (Feb 24)
- Re: patternmatch for scan Neil Ratzlaff (Feb 24)
- Re: patternmatch for scan Laurent LEVIER (Feb 24)