<kenneth_w_foxat_private> writes: > Is anyone familiar with an attack or probe which begins or ends with scanning > only ports 3128 & 8080 on a target box? I've been seeing alot of this lately > in various places. 3128 is Squid (http://squid.nlanr.net/), and 8080 is a popular alternate port for HTTP and/or web proxies, so somebody's apparently looking for such. There was a problem awhile back with RedHat shipping a cache-manager CGI tool enabled by default. Also see http://www.sans.org/newlook/resources/ringzero.htm for info about a trojan that scans those ports. -- Anthony DeBoer <adbat_private>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:07:10 PDT