Re: Increase in squid scanning...

From: Baribault, Gary (gary@baribault.net)
Date: 03/05/02


Date: Tue, 05 Mar 2002 13:08:15 -0500
To: "switched" <security-mail@q-east.net>, <incidents@securityfocus.com>
From: "Baribault, Gary" <gary@baribault.net>

I have gotten a number of scans for 1080, 8080, 8000 in the last few days,
but not from those source addresses.

Gary Baribault

At 10:36 AM 3/5/2002 -0600, switched wrote:
>Has anyone seen a large increase in squid/proxy scans lately? I'm getting
>these two IPs more than 3 or 4 times daily scanning me for squid/proxy at
>the same exact time. 217.81.20.130 seems to be home.spykid.de (so says the
>webpage on port 80) and I don't have any addtional information on
>80.116.181.170 but both appear to be scanning the same networks everyday.
>
>
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • RE: Malicious web sites
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • Re: [incident] IIS defacement through FTP, possible DoS
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: Distributed ICMP/UDP scan or attack?
    ... This list is provided by the SecurityFocus ARIS analyzer service. ... and tracking system please see: http://aris.securityfocus.com ... For more information on this free incident handling, management ...
    (Incidents)
  • Re: strange attacks - flood udp packets from 1030 to msql
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: Can anyone identify this backdoor?
    ... > and tracking system please see: http://aris.securityfocus.com ... This list is provided by the SecurityFocus ARIS analyzer service. ... For more information on this free incident handling, management ...
    (Incidents)