Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Exploit on tcp/4128?

From: Doug Rutherford (drutheryukoncollege.yk.ca)
Date: Mon Feb 14 2005 - 17:52:04 CST

David Gillett wrote:

> 3128 is a commonly-scanned proxy port. Maybe it's a typo?

3128 is actually the port used for Squid. The Reverse WWW Tunnel (tcp) and Ring Door (tcp
and udp) trojans also use this port.

There is a note on the ISC web site
that suggests that the MyDoom worm may also use this port if 3127 (its default) is in use
for something else.

Hope this is of some help...


Doug Rutherford
Professional Studies Division
Yukon College, PO Box 2799, Whitehorse, YT, Y1A 5K4