|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Exploit on tcp/4128?
From: Doug Rutherford (druther
yukoncollege.yk.ca)
Date: Mon Feb 14 2005 - 17:52:04 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
David Gillett wrote:
> 3128 is a commonly-scanned proxy port. Maybe it's a typo?
>
>
3128 is actually the port used for Squid. The Reverse WWW Tunnel (tcp) and Ring Door (tcp
and udp) trojans also use this port.
There is a note on the ISC web site
(http://isc.sans.org//port_details.php?port=3128&repax=1&tarax=2&srcax=2&percent=N&days=40)
that suggests that the MyDoom worm may also use this port if 3127 (its default) is in use
for something else.
Hope this is of some help...
--
Doug Rutherford
Professional Studies Division
Yukon College, PO Box 2799, Whitehorse, YT, Y1A 5K4
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]