[Snort-users] What does SCAN Proxy attempt mean ?
Andrew R. Baker
andrewb0x29a at ...131...
Sun Oct 14 12:12:06 EDT 2001
Yes, all they did was scan for port 8080. This is used as part of a scan
to detect open http proxy servers. An open http proxy server can be used
to proxy attacks against an http server thus hiding the attacker.
--- James <the_saint_james at ...131...> wrote:
> alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"SCAN Proxy
> attempt";flags:S; classt$$lasstype:attempted-recon; sid:620; rev:1;)
> Getting lots of these, it looks like this rule is specific for port
> requests, which is a common proxy port. Anything else ? Can't find
> at whitehat.com on this rule; it is part of the standard snort distro.
> So they scanned port 8080, is that all ?
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
More information about the Snort-users