Snort mailing list archives
Re: Proxy Scanner?
From: Nigel Houghton <nigel.houghton () sourcefire com>
Date: 20 Dec 2002 11:04:50 -0500
Looks like a scan for open http proxies. Could be any number of scanning tools. Could be any number of reasons for it, if you are running any of these proxies I suggest setting up some restrictive ACLs or use your firewall to deny un-authenticated traffic from outside your LAN to the proxy server. On Fri, 2002-12-20 at 09:29, Sylar, John wrote:
Lately, I'm seeing this sort of scan alot, from assorted netblocks. Doesn't seem to correlate to the Incidents site. While the source port is not always 0, the destination ports are always the same, in the same order. Does anyone know what tool this might be? Or have some pointers to references for reading? Dec 19 18:39:14 their.i.p.addr:0 -> my.i.p.addr:1080 SYN ******S*
Socks Proxy http://www.socks.permeo.com/
Dec 19 18:39:14 their.i.p.addr:0 -> my.i.p.addr:3128 SYN ******S*
Squid Proxy http://www.squid-cache.org/
Dec 19 18:39:14 their.i.p.addr:0 -> my.i.p.addr:8000 SYN ******S*
Proxy port can be used by any number of proxy servers.
Dec 19 18:39:14 their.i.p.addr:0 -> my.i.p.addr:80 SYN ******S*
Standard http port
Dec 19 18:39:14 their.i.p.addr:0 -> my.i.p.addr:8080 SYN ******S*
http-proxy port
Thanks and best regards, Sam
You might find this link interesting too: http://www.winfosec.com/proxies/ -- Nigel Houghton Security Engineer Sourcefire Inc. ------------------------------------------------------- This SF.NET email is sponsored by: The Best Geek Holiday Gifts! Time is running out! Thinkgeek.com has the coolest gifts for your favorite geek. Let your fingers do the typing. Visit Now. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Proxy Scanner? Sylar, John (Dec 20)
- Re: Proxy Scanner? John McCain (Dec 20)
- Re: Proxy Scanner? Nigel Houghton (Dec 20)
- <Possible follow-ups>
- RE: Proxy Scanner? Sylar, John (Dec 20)