[Snort-users] What does SCAN Proxy attempt mean ?
the_saint_james at ...131...
Sun Oct 14 11:30:04 EDT 2001
alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"SCAN Proxy
attempt";flags:S; classt$$lasstype:attempted-recon; sid:620; rev:1;)
Getting lots of these, it looks like this rule is specific for port 8080
requests, which is a common proxy port. Anything else ? Can't find anything
at whitehat.com on this rule; it is part of the standard snort distro.
So they scanned port 8080, is that all ?
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the Snort-users