Joshua,
Our network have been scanned for devices on port 3128 as well. You are correct about
the potential for proxy-relay, in fact I believe that port 3128 is the default port
for squid (a *nix proxy). I cannot confirm that a majority of the scans originate from
China, however since we do not run squid we drop those packets anyway.
Tim
-----Original Message-----
From: Joshua Chamas [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 23, 1999 3:10 PM
To: [EMAIL PROTECTED]
Subject: Port 8080 Scans - Democracy ?
Hey,
I run a small network, and can afford to respond to most port
scans that sweep by, usually first to the originating network
admins, and sometimes the upstream ISPs.
Many of the scans that hit my network, especially on the
weekends, are of the port 8080 variety, sometimes including
port 3128, which seem to be looking for HTTP Proxy services.
Often these scans are coming from China, so I started thinking
that maybe these were students looking for a relay point
to surf the web without being blocked, a little freedom of
information, and that I was doing a disservice by ratting
them out.
We don't run any HTTP Proxies on our network, so it wouldn't
hurt us to stop reporting on them, but I wanted to see
if there was similar sentiment to mine that these might
be benign scans that, in the name of democracy, we might
want to stop reporting on in general ?
Any opinions?
-- Joshua
______________________________________________________________________
Joshua Chamas Chamas Enterprises Inc.
NODEWORKS - web link monitoring Long Beach, CA USA 1-562-432-2469
http://www.nodeworks.com http://www.chamas.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
