[Dshield] Scans on ports 3128 & 8080 & 80

Coxe, John B. JOHN.B.COXE at saic.com
Fri May 24 21:47:24 GMT 2002


also see http://www.giac.org/practical/simon_devlin_gcia.doc (ringzero)

-----Original Message-----
From: Coxe, John B. 
Sent: Friday, May 24, 2002 2:42 PM
To: 'list at dshield.org'
Subject: RE: [Dshield] Scans on ports 3128 & 8080 & 80


Looking for an http proxy to hide their browsing.

-----Original Message-----
From: Jon R. Kibler [mailto:Jon.Kibler at aset.com]
Sent: Friday, May 24, 2002 1:07 PM
To: list at dshield.org
Subject: [Dshield] Scans on ports 3128 & 8080 & 80


We have gotten hit a bunch of times today from HINET.NET users scanning on
ports 3128, 8080, and 80. Our honey pot on those ports all capture the same
identical "query"...

GET http://www.yahoo.com/ HTTP/1.1

Host: www.yahoo.com

Accept: */*

Pragma: no-cache

User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)





Can someone please explain exactly what the scanner is trying to accomplish?
Any enlightenment would be GREATLY appreciated.

Jon Kibler

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list