[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] 2 bad ports
[ The following text is in the "x-user-defined" character set. ]
[ Your display is set for the "US-ASCII" character set. Some ]
[ characters may be displayed incorrectly. ]
any others on the list....from outside to inside.
FYI : I am posting this from the SANS mail. i did not see
it here.
*********************************************************************
SANS Today: Internetwide Scanning and Request For Traces
The SANS community has detected massive Internetwide scanning for proxies
on ports 8080 and 3128. SANS' participants from around the world are
reporting scans on port 80 (common port for world wide web), 8080 (common
location for proxy), 3128 (squid proxy) and occasionally other 8000
series ports. There is no evidence of accurate targeting, in many cases
the target system does not exist. Four sites have submitted evidence
that at least one site involved in this is: www.rusftpsearch.net The
most recent data will be available on the SANS web page (www.sans.org).
If your site does NOT use proxies on port 8080 and 3128 and you can
block these incoming services, that is probably a good idea. If you do
use proxies, you should check to see whether they are open to the public
and, if so, restrict these for your site's use only.
If you see OUTGOING 8080 or 3128 from any system at your site, PLEASE
contact the person who owns the system owner and work together to
determine what software or process is causing the connections to occur.
If you find these or have further information, please send the info to
us. Mail info@sans.org with 3128 in the subject line. Thank you!
********************************************************************
payal@pdq.net
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================