[Snort-users] What does SCAN Proxy attempt mean ?

Andrew R. Baker andrewb0x29a at ...131...
Sun Oct 14 12:12:06 EDT 2001


Yes, all they did was scan for port 8080.  This is used as part of a scan
to detect open http proxy servers.  An open http proxy server can be used
to proxy attacks against an http server thus hiding the attacker.

-A


--- James <the_saint_james at ...131...> wrote:
>  alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"SCAN Proxy
>  attempt";flags:S; classt$$lasstype:attempted-recon; sid:620; rev:1;)
> 
>  Getting lots of these, it looks like this rule is specific for port
> 8080
>  requests, which is a common proxy port. Anything else ? Can't find
> anything
>  at whitehat.com on this rule; it is part of the standard snort distro.
> 
>  So they scanned port 8080, is that all ?
> 
>  james
> 
> 
> 
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com




More information about the Snort-users mailing list