Anyone else see this scan come across? It came from a .kr (big surprise, I know). Did a quick search and apparently someone's seen it before. Is this something we should be concerned about?

(1999 == Cisco, I don't think that's what they're looking for)
(2000 == answerbook, that looks a bit better...)

Here we go again!

-wire

[**] [1:620:1] SCAN Proxy attempt [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/22-21:02:32.635898 xx.xx.xx.xx:1999 -> my.ip.ip.ip:8080
TCP TTL:108 TOS:0x0 ID:62984 IpLen:20 DgmLen:48 DF
******S* Seq: 0x55563D20 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

[**] [1:618:1] INFO - Possible Squid Scan [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/22-21:02:32.636840 xx.xx.xx.xx:2000 -> my.ip.ip.ip:3128
TCP TTL:108 TOS:0x0 ID:62985 IpLen:20 DgmLen:48 DF
******S* Seq: 0x5556CEA2 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
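An added example, not part of the original post: a small Python parser for the two Snort alerts quoted above that groups them by source and reports the fields tying them together (destination ports, source-port and IP ID steps, TTL, flags, time span). The function and field names are illustrative assumptions, and the embedded alerts are copied from the post with the addresses masked as posted.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# The two alerts from the post, addresses masked as the poster masked them.
ALERTS = """\
[**] [1:620:1] SCAN Proxy attempt [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/22-21:02:32.635898 xx.xx.xx.xx:1999 -> my.ip.ip.ip:8080
TCP TTL:108 TOS:0x0 ID:62984 IpLen:20 DgmLen:48 DF
******S* Seq: 0x55563D20 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

[**] [1:618:1] INFO - Possible Squid Scan [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/22-21:02:32.636840 xx.xx.xx.xx:2000 -> my.ip.ip.ip:3128
TCP TTL:108 TOS:0x0 ID:62985 IpLen:20 DgmLen:48 DF
******S* Seq: 0x5556CEA2 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
"""

HEADER = re.compile(r"\[\*\*\] \[(\d+:\d+:\d+)\] (.+?) \[\*\*\]")  # gid:sid:rev, message
FLOW = re.compile(r"(\S+) (\S+):(\d+) -> (\S+):(\d+)")  # time, src:sport, dst:dport
IPHDR = re.compile(r"TTL:(\d+) .*?ID:(\d+)")  # IP TTL and IP ID

def parse_alerts(text):
    """Parse Snort full-format TCP alerts separated by blank lines."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        h, f, i = HEADER.search(block), FLOW.search(block), IPHDR.search(block)
        if not (h and f and i):
            continue  # skip anything that is not a complete alert
        alerts.append({"sid": h.group(1), "msg": h.group(2), "src": f.group(2),
            "time": datetime.strptime(f.group(1), "%m/%d-%H:%M:%S.%f"),
            "sport": int(f.group(3)), "dport": int(f.group(5)),
            "ttl": int(i.group(1)), "ip_id": int(i.group(2)), "syn_only": "******S*" in block})
    return alerts

def summarize(alerts):
    """Per source, in time order: the fields that link separate alerts to one sweep."""
    by_src = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["time"]):
        by_src[a["src"]].append(a)
    return {src: {
        "dports": [a["dport"] for a in r],
        "sport_steps": [b["sport"] - a["sport"] for a, b in zip(r, r[1:])],
        "ip_id_steps": [(b["ip_id"] - a["ip_id"]) % 65536 for a, b in zip(r, r[1:])],
        "ttls": sorted({a["ttl"] for a in r}),
        "all_syn_only": all(a["syn_only"] for a in r),
        "span_us": (r[-1]["time"] - r[0]["time"]) // timedelta(microseconds=1),
    } for src, r in by_src.items()}
```

For the posted alerts, `summarize(parse_alerts(ALERTS))` shows both SYNs sharing one TTL, with source port and IP ID each stepping by 1 and under a millisecond between them. That pattern is what one host produces when it opens connections to 8080 and 3128 back to back, so the two alerts are best triaged as a single probe of common proxy ports.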
This archive was generated by hypermail 2b30 : Thu May 23 2002 - 09:17:20 PDT