RE: Odd scan

From: dlaumannat_private
Date: Wed Jan 30 2002 - 10:35:22 PST

  • Next message: Dave Ockwell-Jenner: "RE: DDoS to microsoft sites"

    probably a wingate/open proxy scanner. port 23 with other proxy/socks ports
    smells of a wingate scanner.
    i remeber seeing a tool that defaulted to most of those ports, maybe
    proxyhunter...
    
    -dave
    
    > -----Original Message-----
    > From: Fulton L. Preston Jr. [mailto:prestonfl2at_private]
    > Sent: Tuesday, January 29, 2002 11:07 PM
    > To: incidentsat_private
    > Subject: Odd scan
    > 
    > 
    > I've seen some interesting scans posted in the past but have 
    > never seen this 
    > one.  It starts at port 1080 then moves down the usual 
    > suspects of 3128, 
    > 8080, 81, but then 8081 and 23 show at the end.  This is new 
    > to me.  I have 
    > seen the 80, 8080, 8081, 3128, and 1080 combo but this one is new, 
    > especially the telnet port.  New tool looking for recent vulns?
    > 
    > Jan 30 04:56:19 216.133.249.14:38319 -> x.x.x.x:1080 SYN ******S*
    > Jan 30 04:56:19 216.133.249.14:38323 -> x.x.x.x:3128 SYN ******S*
    > Jan 30 04:56:19 216.133.249.14:38324 -> x.x.x.x:8080 SYN ******S*
    > Jan 30 04:56:19 216.133.249.14:38326 -> x.x.x.x:81 SYN ******S*
    > Jan 30 04:56:19 216.133.249.14:38332 -> x.x.x.x:8081 SYN ******S*
    > Jan 30 04:56:20 216.133.249.14:38334 -> x.x.x.x:23 SYN ******S*
    > 
    > 
    > _________________________________________________________________
    > Join the world's largest e-mail service with MSN Hotmail. 
    > http://www.hotmail.com
    > 
    > 
    > --------------------------------------------------------------
    > --------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management 
    > and tracking system please see: http://aris.securityfocus.com
    > 
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Jan 30 2002 - 11:26:44 PST