Re: Exploit on tcp/4128?

From: Doug Rutherford (druther_at_yukoncollege.yk.ca)
Date: 02/15/05

  • Next message: H Carvey: "Re: Exploit on tcp/4128?"
    Date: Mon, 14 Feb 2005 15:52:04 -0800
    To: incidents@securityfocus.com
    
    

    David Gillett wrote:

    > 3128 is a commonly-scanned proxy port. Maybe it's a typo?
    >
    >

    3128 is actually the port used for Squid. The Reverse WWW Tunnel (tcp) and Ring Door (tcp
    and udp) trojans also use this port.

    There is a note on the ISC web site
    (http://isc.sans.org//port_details.php?port=3128&repax=1&tarax=2&srcax=2&percent=N&days=40)
    that suggests that the MyDoom worm may also use this port if 3127 (its default) is in use
    for something else.

    Hope this is of some help...

    -- 
    Doug Rutherford
    Professional Studies Division
    Yukon College, PO Box 2799, Whitehorse, YT, Y1A 5K4
    

  • Next message: H Carvey: "Re: Exploit on tcp/4128?"

    Relevant Pages

    • Re: Open port PIX 501
      ... :i can't open the port in my PIX. ... :I need open the port 1000 to point to the IP 10.254.254.222. ... in practice only DNS servers doing zone transfers need tcp. ... of UDP, it would be a highly unusual client which did not stick ...
      (comp.dcom.sys.cisco)
    • Re: UDP question
      ... Re: UDP question.eml ... >>> Most modern services utilise TCP, ... The only open port should be the port I use for Open VPN, ...
      (Security-Basics)
    • Re: Re[5]: Assymetric NIC performance problem
      ... I've got a FreeBSD file server running Samba, file upload speeds are okay, ... Client connecting to 192.168.0.1, TCP port 5001 ... Sorry, I didn't know that UDP bandwidth must be specified manually, ...
      (freebsd-net)
    • Re: excessive TCP dulplicate acks revisted
      ... The tcp duplicate ACK attack is back. ... there was a thread on duplicate TCP acks in -CURRENT. ... TCP STREAM TEST from localhost port 0 AF_INET to greenhouse- george.18clay.com port 0 AF_INET ... Socket Socket Message Elapsed ...
      (freebsd-current)
    • excessive TCP dulplicate acks revisted
      ... The tcp duplicate ACK attack is back. ... there was a thread on duplicate TCP acks in -CURRENT. ... TCP STREAM TEST from localhost port 0 AF_INET to greenhouse- george.18clay.com port 0 AF_INET ... Socket Socket Message Elapsed ...
      (freebsd-current)