Security Incidents mailing list archives
RE: Odd scan
From: dlaumann () suntzu net
Date: Wed, 30 Jan 2002 12:35:22 -0600
probably a wingate/open proxy scanner. port 23 with other proxy/socks ports smells of a wingate scanner. i remeber seeing a tool that defaulted to most of those ports, maybe proxyhunter... -dave
-----Original Message----- From: Fulton L. Preston Jr. [mailto:prestonfl2 () hotmail com] Sent: Tuesday, January 29, 2002 11:07 PM To: incidents () securityfocus com Subject: Odd scan I've seen some interesting scans posted in the past but have never seen this one. It starts at port 1080 then moves down the usual suspects of 3128, 8080, 81, but then 8081 and 23 show at the end. This is new to me. I have seen the 80, 8080, 8081, 3128, and 1080 combo but this one is new, especially the telnet port. New tool looking for recent vulns? Jan 30 04:56:19 216.133.249.14:38319 -> x.x.x.x:1080 SYN ******S* Jan 30 04:56:19 216.133.249.14:38323 -> x.x.x.x:3128 SYN ******S* Jan 30 04:56:19 216.133.249.14:38324 -> x.x.x.x:8080 SYN ******S* Jan 30 04:56:19 216.133.249.14:38326 -> x.x.x.x:81 SYN ******S* Jan 30 04:56:19 216.133.249.14:38332 -> x.x.x.x:8081 SYN ******S* Jan 30 04:56:20 216.133.249.14:38334 -> x.x.x.x:23 SYN ******S* _________________________________________________________________ Join the world's largest e-mail service with MSN Hotmail. http://www.hotmail.com -------------------------------------------------------------- -------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Odd scan Fulton L. Preston Jr. (Jan 30)
- Re: Odd scan sgtphou (Jan 30)
- <Possible follow-ups>
- RE: Odd scan dlaumann (Jan 30)