Re: Exploit on tcp/4128?

From: Doug Rutherford (druther_at_yukoncollege.yk.ca)
Date: 02/15/05

  • Next message: H Carvey: "Re: Exploit on tcp/4128?"
    Date: Mon, 14 Feb 2005 15:52:04 -0800
    To: incidents@securityfocus.com
    
    

    David Gillett wrote:

    > 3128 is a commonly-scanned proxy port. Maybe it's a typo?
    >
    >

    3128 is actually the port used for Squid. The Reverse WWW Tunnel (tcp) and Ring Door (tcp
    and udp) trojans also use this port.

    There is a note on the ISC web site
    (http://isc.sans.org//port_details.php?port=3128&repax=1&tarax=2&srcax=2&percent=N&days=40)
    that suggests that the MyDoom worm may also use this port if 3127 (its default) is in use
    for something else.

    Hope this is of some help...

    -- 
    Doug Rutherford
    Professional Studies Division
    Yukon College, PO Box 2799, Whitehorse, YT, Y1A 5K4
    

  • Next message: H Carvey: "Re: Exploit on tcp/4128?"