Re: Exploit on tcp/4128?
From: Doug Rutherford (druther_at_yukoncollege.yk.ca)
Date: 02/15/05
- Previous message: Lawrence Baldwin: "RE: Exploit on tcp/4128?"
- In reply to: David Gillett: "RE: Exploit on tcp/4128?"
- Next in thread: James Eaton-Lee: "Re: Exploit on tcp/4128?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 14 Feb 2005 15:52:04 -0800 To: incidents@securityfocus.com
David Gillett wrote:
> 3128 is a commonly-scanned proxy port. Maybe it's a typo?
>
>
3128 is actually the port used for Squid. The Reverse WWW Tunnel (tcp) and Ring Door (tcp
and udp) trojans also use this port.
There is a note on the ISC web site
(http://isc.sans.org//port_details.php?port=3128&repax=1&tarax=2&srcax=2&percent=N&days=40)
that suggests that the MyDoom worm may also use this port if 3127 (its default) is in use
for something else.
Hope this is of some help...
-- Doug Rutherford Professional Studies Division Yukon College, PO Box 2799, Whitehorse, YT, Y1A 5K4
- Previous message: Lawrence Baldwin: "RE: Exploit on tcp/4128?"
- In reply to: David Gillett: "RE: Exploit on tcp/4128?"
- Next in thread: James Eaton-Lee: "Re: Exploit on tcp/4128?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
