Re: patternmatch for scan

From: Anthony DeBoer (adbat_private)
Date: Tue Feb 22 2000 - 10:57:07 PST

Next message: Rick Ballard: "Re: patternmatch for scan"

Previous message: langly: "Re: snooping"
Maybe in reply to: Kenneth_W_Foxat_private: "patternmatch for scan"
Next in thread: Rick Ballard: "Re: patternmatch for scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

<kenneth_w_foxat_private> writes:
> Is anyone familiar with an attack or probe which begins or ends with scanning
> only ports 3128 & 8080 on a target box? I've been seeing alot of this lately
> in various places.

3128 is Squid (http://squid.nlanr.net/), and 8080 is a popular alternate
port for HTTP and/or web proxies, so somebody's apparently looking for
such.

There was a problem awhile back with RedHat shipping a cache-manager CGI
tool enabled by default.

Also see http://www.sans.org/newlook/resources/ringzero.htm for info about
a trojan that scans those ports.

-- 
Anthony DeBoer <adbat_private>

Next message: Rick Ballard: "Re: patternmatch for scan"
Previous message: langly: "Re: snooping"
Maybe in reply to: Kenneth_W_Foxat_private: "patternmatch for scan"
Next in thread: Rick Ballard: "Re: patternmatch for scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:07:10 PDT