RE: Odd scan

From: dlaumann@suntzu.net
Date: 01/30/02 

From: dlaumann@suntzu.net
To: incidents@securityfocus.com
Date: Wed, 30 Jan 2002 12:35:22 -0600

probably a wingate/open proxy scanner. port 23 with other proxy/socks ports
smells of a wingate scanner.
i remeber seeing a tool that defaulted to most of those ports, maybe
proxyhunter...

-dave

> -----Original Message-----
> From: Fulton L. Preston Jr. [mailto:prestonfl2@hotmail.com]
> Sent: Tuesday, January 29, 2002 11:07 PM
> To: incidents@securityfocus.com
> Subject: Odd scan
>
>
> I've seen some interesting scans posted in the past but have
> never seen this
> one. It starts at port 1080 then moves down the usual
> suspects of 3128,
> 8080, 81, but then 8081 and 23 show at the end. This is new
> to me. I have
> seen the 80, 8080, 8081, 3128, and 1080 combo but this one is new,
> especially the telnet port. New tool looking for recent vulns?
>
> Jan 30 04:56:19 216.133.249.14:38319 -> x.x.x.x:1080 SYN ******S*
> Jan 30 04:56:19 216.133.249.14:38323 -> x.x.x.x:3128 SYN ******S*
> Jan 30 04:56:19 216.133.249.14:38324 -> x.x.x.x:8080 SYN ******S*
> Jan 30 04:56:19 216.133.249.14:38326 -> x.x.x.x:81 SYN ******S*
> Jan 30 04:56:19 216.133.249.14:38332 -> x.x.x.x:8081 SYN ******S*
> Jan 30 04:56:20 216.133.249.14:38334 -> x.x.x.x:23 SYN ******S*
>
>
> _________________________________________________________________
> Join the world's largest e-mail service with MSN Hotmail.
> http://www.hotmail.com
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Quantcast