Port 3128 is the default for squid (proxy). To find a (squid) proxy on port 8080 is highly probable too. So this looks like someone scanning for a squid proxy. As far as I know, there is a vulnerability within squid. Something like "malicous user can gain access". Just take a look a www.securityfocus.com ;-) - Rolf -----Original Message----- From: Kenneth_W_Foxat_private [mailto:Kenneth_W_Foxat_private] Sent: Saturday, February 19, 2000 2:56 PM To: firewall-wizardsat_private Subject: patternmatch for scan Is anyone familiar with an attack or probe which begins or ends with scanning only ports 3128 & 8080 on a target box? I've been seeing alot of this lately in various places. Ken
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:44 PDT