[Dshield] Scans on ports 3128 & 8080 & 80

BarkerJr BarkerJr at ClanCdG.com
Fri May 24 21:36:09 GMT 2002


> GET http://www.yahoo.com/ HTTP/1.1
> Host: www.yahoo.com
> Can someone please explain exactly what the scanner is trying to
accomplish? Any enlightenment would be GREATLY appreciated.

Probably testing for open proxies to abuse in spam, irc, or whatever else
you can imagine.  I was getting a whole bunch of requests for full URL's a
few months ago on my server's port 80.  At first I thought they were some
buggy search engine spider, cause real browsers requests start with '/', not
'http://domain'.  But examining the headers of http proxy requests, they
seem formatted this way.

-BarkerJr




More information about the list mailing list