[Dshield] Scans on ports 3128 & 8080 & 80
Coxe, John B.
JOHN.B.COXE at saic.com
Fri May 24 21:47:24 GMT 2002
also see http://www.giac.org/practical/simon_devlin_gcia.doc (ringzero)
From: Coxe, John B.
Sent: Friday, May 24, 2002 2:42 PM
To: 'list at dshield.org'
Subject: RE: [Dshield] Scans on ports 3128 & 8080 & 80
Looking for an http proxy to hide their browsing.
From: Jon R. Kibler [mailto:Jon.Kibler at aset.com]
Sent: Friday, May 24, 2002 1:07 PM
To: list at dshield.org
Subject: [Dshield] Scans on ports 3128 & 8080 & 80
We have gotten hit a bunch of times today from HINET.NET users scanning on
ports 3128, 8080, and 80. Our honey pot on those ports all capture the same
GET http://www.yahoo.com/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)
Can someone please explain exactly what the scanner is trying to accomplish?
Any enlightenment would be GREATLY appreciated.
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list