OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: Exploit on tcp/4128?

From: Doug Rutherford (drutheryukoncollege.yk.ca)
Date: Mon Feb 14 2005 - 17:52:04 CST


David Gillett wrote:

> 3128 is a commonly-scanned proxy port. Maybe it's a typo?
>
>

3128 is actually the port used for Squid. The Reverse WWW Tunnel (tcp) and Ring Door (tcp
and udp) trojans also use this port.

There is a note on the ISC web site
(http://isc.sans.org//port_details.php?port=3128&repax=1&tarax=2&srcax=2&percent=N&days=40)
that suggests that the MyDoom worm may also use this port if 3127 (its default) is in use
for something else.

Hope this is of some help...

--

Doug Rutherford
Professional Studies Division
Yukon College, PO Box 2799, Whitehorse, YT, Y1A 5K4