RE: patternmatch for scan

From: Zimmermann, Rolf (rolfzimmermannat_private)
Date: Tue Feb 22 2000 - 09:56:13 PST

Next message: Michael Cassidy: "Re: Recent Attacks"

Previous message: O'Shea, Dave: "RE: Linux Proxy Server ?"
Maybe in reply to: Kenneth_W_Foxat_private: "patternmatch for scan"
Next in thread: Anthony DeBoer: "Re: patternmatch for scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Port 3128 is the default for squid (proxy). To find a (squid) proxy on port
8080 is highly probable too. So this looks like someone scanning for a squid
proxy. 
As far as I know, there is a vulnerability within squid. Something like
"malicous user can gain access". Just take a look a www.securityfocus.com
;-)

- Rolf

-----Original Message-----
From: Kenneth_W_Foxat_private [mailto:Kenneth_W_Foxat_private]
Sent: Saturday, February 19, 2000 2:56 PM
To: firewall-wizardsat_private
Subject: patternmatch for scan


Is anyone familiar with an attack or probe which begins or ends with
scanning
only ports 3128 & 8080 on a target box? I've been seeing alot of this lately
in
various places.

Ken

Next message: Michael Cassidy: "Re: Recent Attacks"
Previous message: O'Shea, Dave: "RE: Linux Proxy Server ?"
Maybe in reply to: Kenneth_W_Foxat_private: "patternmatch for scan"
Next in thread: Anthony DeBoer: "Re: patternmatch for scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:44 PDT