> Is anyone familiar with an attack or probe which begins or ends with scanning > only ports 3128 & 8080 on a target box? I've been seeing alot of this lately in > various places. This is generally from the RingZero trojan. The source hosts are trojanned victims that send the results of their scans to a central site. See : http://www.sans.org/newlook/resources/ringzero.htm -- Rick Ballard Halifax, Nova Scotia, Canada
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:07:11 PDT