Firewall Wizards mailing list archives
Re: patternmatch for scan
From: adb () news onramp ca (Anthony DeBoer)
Date: 22 Feb 2000 18:57:07 -0000
<kenneth_w_fox () sbphrd com> writes:
> Is anyone familiar with an attack or probe which begins or ends with scanning only ports 3128 & 8080 on a target box? I've been seeing a lot of this lately in various places.
3128 is Squid (http://squid.nlanr.net/), and 8080 is a popular alternate port for HTTP and/or web proxies, so somebody's apparently looking for such. There was a problem a while back with RedHat shipping a cache-manager CGI tool enabled by default. Also see http://www.sans.org/newlook/resources/ringzero.htm for info about a trojan that scans those ports.

--
Anthony DeBoer <adb () news onramp ca>
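Added example, not part of the original post: one way to pick the pattern discussed in this thread out of firewall deny logs, flagging sources that probe both 3128 and 8080 on a target and touch no other port. The key=value log format, the addresses and the function name are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

PROXY_PORTS = {3128, 8080}  # the two ports named in the thread

# Constructed sample lines in a made-up key=value deny-log format (assumption).
SAMPLE_LOG = """\
Feb 22 18:01:02 fw deny tcp src=192.0.2.10 dst=198.51.100.5 dport=3128
Feb 22 18:01:02 fw deny tcp src=192.0.2.10 dst=198.51.100.5 dport=8080
Feb 22 18:01:09 fw deny tcp src=192.0.2.10 dst=198.51.100.6 dport=8080
Feb 22 18:01:09 fw deny tcp src=192.0.2.10 dst=198.51.100.6 dport=3128
Feb 22 18:02:11 fw deny tcp src=203.0.113.7 dst=198.51.100.5 dport=8080
Feb 22 18:03:30 fw deny tcp src=203.0.113.9 dst=198.51.100.5 dport=23
Feb 22 18:03:31 fw deny tcp src=203.0.113.9 dst=198.51.100.5 dport=3128
Feb 22 18:03:31 fw deny tcp src=203.0.113.9 dst=198.51.100.5 dport=8080
garbage line that does not parse
"""

LINE_RE = re.compile(r"deny tcp src=(\S+) dst=(\S+) dport=(\d+)\s*$")


def proxy_only_scanners(log_text):
    """Return {src: sorted targets} for sources whose denied probes cover
    both proxy ports on a target and touch no other port anywhere."""
    ports_by_pair = defaultdict(set)  # (src, dst) -> ports probed on that target
    ports_by_src = defaultdict(set)   # src -> every port it probed
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        ports_by_pair[(src, dst)].add(port)
        ports_by_src[src].add(port)
    hits = defaultdict(list)
    for (src, dst), ports in ports_by_pair.items():
        # Both proxy ports on this target, and nothing else from this source:
        # a single 8080 hit or a wider port sweep is deliberately not flagged.
        if ports == PROXY_PORTS and ports_by_src[src] <= PROXY_PORTS:
            hits[src].append(dst)
    return {src: sorted(dsts) for src, dsts in hits.items()}


if __name__ == "__main__":
    for src, targets in proxy_only_scanners(SAMPLE_LOG).items():
        print(f"{src} probed only 3128/8080 on: {', '.join(targets)}")
```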