--- Kenneth_W_Foxat_private wrote: > Is anyone familiar with an attack or probe which begins or ends with scanning > only ports 3128 & 8080 on a target box? I've been seeing alot of this lately > in > various places. It's from people looking for HTTP proxies. I saw a rash of them a few months ago, then they quieted down, now I'm seeing a lot of them again (in fact, just picked one up on my webserver five minutes ago). Port 3128 is 'squid', port 8080 is a commonly chosen variant on 80. See the following for more info: http://www.robertgraham.com/pubs/firewall-seen.html#port3128 ===== Robert Graham http://www.robertgraham.com/pubs __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:07:23 PDT