[Dshield] Got an interesting one trapped in the tarpit...
Dean S White
dean at achillean.com.au
Mon Sep 23 12:12:22 GMT 2002
-----BEGIN PGP SIGNED MESSAGE-----
6588 tcp is used by the AnalogX proxy server software. Port scans for
this have increased in recent weeks, esp. on the 8th of this month,
At 06:46 9/23/2002 -0500, you wrote:
This morning, when I checked LaBrea, I noticed one IP (188.8.131.52)
56 threads caught. Checking it out further, I noticed that it was
hit the following ports: 80, 3128, 8080, and 6588. I know what the
three are for, but the last one I am unfamiliar with. Any ideas as to
type of attack this is, what "script" the kiddies are using here? I
not seen this one before.
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32)
-----END PGP SIGNATURE-----
More information about the list