Re: What does SCAN Proxy attempt mean ?

["Andrew R. Baker" <andrewb0x29a () yahoo com>]

Yes, all they did was scan for port 8080.  This is used as part of a scan
to detect open http proxy servers.  An open http proxy server can be used
to proxy attacks against an http server thus hiding the attacker.

-A


--- James <the_saint_james () yahoo com> wrote:
>  alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"SCAN Proxy
>  attempt";flags:S; classt$$lasstype:attempted-recon; sid:620; rev:1;)
>
>  Getting lots of these, it looks like this rule is specific for port
> 8080
>  requests, which is a common proxy port. Anything else ? Can't find
> anything
>  at whitehat.com on this rule; it is part of the standard snort distro.
>
>  So they scanned port 8080, is that all ?
>
>  james
>
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users