Re: scanning for HTTP proxies, ports 80, 81, 1080, 3128, 4480, 6588, 8000, 8080, 8081
From: faded (faded@911.net)Date: 07/29/02
- Previous message: Bukys, Liudvikas: "scanning for HTTP proxies, ports 80, 81, 1080, 3128, 4480, 6588, 8000, 8080, 8081"
- In reply to: Bukys, Liudvikas: "scanning for HTTP proxies, ports 80, 81, 1080, 3128, 4480, 6588, 8000, 8080, 8081"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Jul 2002 15:45:40 -0400 To: incidents@securityfocus.com From: faded <faded@911.net>
Not only are they scanning for open web proxies, but they're scanning for
open web proxies that would allow mail relaying as the :25 shows.
You're probably seeing the result of a spammer in search of open relays
to abuse.
-Russell
At 02:34 PM 7/29/2002 -0400, you wrote:
>The most recent scan I observed added more ports (the 4480 and 6588 are new),
>and now the test pattern is a
> CONNECT ipaddress:25 HTTP/1.0
>where ipaddress is a different host than the scanner.
>
>Somebody is collecting web proxies. I am interested in hearing whether
>other sites are seeing this, or whether it's somebody uniquely focussed
>on my site.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Bukys, Liudvikas: "scanning for HTTP proxies, ports 80, 81, 1080, 3128, 4480, 6588, 8000, 8080, 8081"
- In reply to: Bukys, Liudvikas: "scanning for HTTP proxies, ports 80, 81, 1080, 3128, 4480, 6588, 8000, 8080, 8081"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
