Firewall Wizards mailing list archives
Re: patternmatch for scan
From: rb.maillists () ns sympatico ca (Rick Ballard)
Date: Tue, 22 Feb 2000 18:19:04 -0400
Is anyone familiar with an attack or probe which begins or ends with scanning only ports 3128 & 8080 on a target box? I've been seeing a lot of this lately in various places.
This is generally from the RingZero trojan. The source hosts are trojanned victims that send the results of their scans to a central site. See: http://www.sans.org/newlook/resources/ringzero.htm
--
Rick Ballard
Halifax, Nova Scotia, Canada
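
A defender's check for the probe pattern discussed in this thread, as an added example that is not part of the original message: it flags sources that hit both 3128 and 8080 on a target within a short window and touch no other port. The log format, the `proxy_only_probers` name, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

PROXY_PORTS = {3128, 8080}  # the two ports named in the thread

# Constructed sample records, not real traffic. Assumed format:
# <epoch seconds> <source IP> <destination IP> <destination TCP port>
SAMPLE_LOG = """\
951257940 192.0.2.10 198.51.100.5 3128
951257941 192.0.2.10 198.51.100.5 8080
951257950 192.0.2.10 198.51.100.6 8080
951257951 192.0.2.10 198.51.100.6 3128
951257960 192.0.2.77 198.51.100.5 21
951257961 192.0.2.77 198.51.100.5 3128
951257962 192.0.2.77 198.51.100.5 8080
951257970 192.0.2.200 198.51.100.9 8080
951258000 192.0.2.33 198.51.100.5 3128
951263000 192.0.2.33 198.51.100.5 8080
garbage line that should be skipped
"""

def parse(log):
    """Yield (ts, src, dst, dport) tuples, skipping malformed lines."""
    for line in log.splitlines():
        f = line.split()
        if len(f) == 4 and f[0].isdigit() and f[3].isdigit():
            yield int(f[0]), f[1], f[2], int(f[3])

def proxy_only_probers(log, window=60, min_targets=1):
    """Map each source that hit both proxy ports on a target within
    `window` seconds, and no other port anywhere, to those targets."""
    ports_by_src = defaultdict(set)
    # src -> dst -> port -> [timestamps]
    hits = defaultdict(lambda: defaultdict(lambda: defaultdict(list)))
    for ts, src, dst, dport in parse(log):
        ports_by_src[src].add(dport)
        if dport in PROXY_PORTS:
            hits[src][dst][dport].append(ts)
    flagged = {}
    for src, targets in hits.items():
        if not ports_by_src[src] <= PROXY_PORTS:
            continue  # broad port scan or mixed traffic, not this pattern
        paired = sorted(
            dst for dst, seen in targets.items()
            if set(seen) == PROXY_PORTS
            and any(abs(a - b) <= window
                    for a in seen[3128] for b in seen[8080]))
        if len(paired) >= min_targets:
            flagged[src] = paired
    return flagged
```

Raising `min_targets` trades sensitivity for fewer false positives from clients that legitimately try both proxy ports on a single host.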