FW: [Dshield] Scans on ports 3128 & 8080 & 80

Bob Savage bsavage at rnr-inc.com
Sat May 25 11:54:10 GMT 2002


How would a web server be configured as a proxy?  Or put another way,
how would I make sure my ISA server, which functions as a proxy and also
supports OWA web service, is not vulnerable?
 
I know this will seem pretty basic and even dumb, but I'm just trying to
learn something here!
 
Bob Savage

	-----Original Message----- 
	From: Greg Broiles 
	Sent: Fri 5/24/2002 4:27 PM 
	To: list at dshield.org; Jon.Kibler at aset.com 
	Cc: 
	Subject: Re: [Dshield] Scans on ports 3128 & 8080 & 80
	
	

	At 04:06 PM 5/24/2002 -0400, Jon R. Kibler wrote:
	
	>We have gotten hit a bunch of times today from HINET.NET users
scanning on
	>ports 3128, 8080, and 80. Our honey pot on those ports all
capture the
	>same identical "query"...
	>
	>GET http://www.yahoo.com/ HTTP/1.1
	>[...]
	>
	>Can someone please explain exactly what the scanner is trying
to
	>accomplish? Any enlightenment would be GREATLY appreciated.
	
	The person[s] scanning you are looking for open HTTP proxies
they can use;
	3128 is the default port used by Squid, a common proxy, and many
people
	configure webservers to act as proxies on ports 80 or 8080.
	
	
	--
	Greg Broiles -- gbroiles at parrhesia.com -- PGP 0x26E4488c or
0x94245961
	
	_______________________________________________
	Dshield mailing list
	Dshield at dshield.org
	To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
	




More information about the list mailing list