[Dshield] Got an interesting one trapped in the tarpit...

Dean S White dean at achillean.com.au
Mon Sep 23 12:12:22 GMT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ed,
6588 tcp is used by the AnalogX proxy server software. Port scans for
this have increased in recent weeks, esp. on the 8th of this month,

Cheers,

Dean


At 06:46 9/23/2002 -0500, you wrote:

This morning, when I checked LaBrea, I noticed one IP (66.230.215.244)
with
56 threads caught. Checking it out further, I noticed that it was
trying to
hit the following ports:  80, 3128, 8080, and 6588.  I know what the
first
three are for, but the last one I am unfamiliar with.  Any ideas as to
what
type of attack this is, what "script" the kiddies are using here?  I
have
not seen this one before.

Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
  Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32)

iD8DBQE9jwUkwEKihTNbghIRAlpuAJwPtsY0Kuh1ALvsNG0+1gXPnY3w1ACfW7Qw
2AZRWa3AdevteEqCdV8tytE=
=8bcl
-----END PGP SIGNATURE-----


More information about the list mailing list