RE: Odd scan

[dlaumann () suntzu net]

probably a wingate/open proxy scanner. port 23 with other proxy/socks ports
smells of a wingate scanner.
i remeber seeing a tool that defaulted to most of those ports, maybe
proxyhunter...

-dave

> -----Original Message-----
> From: Fulton L. Preston Jr. [mailto:prestonfl2 () hotmail com]
> Sent: Tuesday, January 29, 2002 11:07 PM
> To: incidents () securityfocus com
> Subject: Odd scan
>
>
> I've seen some interesting scans posted in the past but have 
> never seen this 
> one.  It starts at port 1080 then moves down the usual 
> suspects of 3128, 
> 8080, 81, but then 8081 and 23 show at the end.  This is new 
> to me.  I have 
> seen the 80, 8080, 8081, 3128, and 1080 combo but this one is new, 
> especially the telnet port.  New tool looking for recent vulns?
>
> Jan 30 04:56:19 216.133.249.14:38319 -> x.x.x.x:1080 SYN ******S*
> Jan 30 04:56:19 216.133.249.14:38323 -> x.x.x.x:3128 SYN ******S*
> Jan 30 04:56:19 216.133.249.14:38324 -> x.x.x.x:8080 SYN ******S*
> Jan 30 04:56:19 216.133.249.14:38326 -> x.x.x.x:81 SYN ******S*
> Jan 30 04:56:19 216.133.249.14:38332 -> x.x.x.x:8081 SYN ******S*
> Jan 30 04:56:20 216.133.249.14:38334 -> x.x.x.x:23 SYN ******S*
>
>
> _________________________________________________________________
> Join the world's largest e-mail service with MSN Hotmail. 
> http://www.hotmail.com
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com