"They" have been doing this since early this year.  My network and my
upstream ISP got hit by these guys; as far as we can tell from our logs,
the scans were all originating from China.

It's done by something calling itself "ProxyHunter" (check your web server
logs).  It looks for web proxies and web caches, which could be squid,
Apache proxies, MS, etc. - that's why it scanned 80, 8080 and 3128.  My
guess is that they are building a list of "open" proxies to use.  For what?
Your guess is as good as mine.  I am a pessimist and don't think they are
up to anything good.

In any case, I've blocked them off at my incoming routers, and so did our
upstream ISP.  Apparently, quite a few customers of our ISP complained.

Tin Le


----
Net Images - Premier Web Presence Provider   http://www.netimages.com/~tin
Internet Security and Firewall Consulting
Tin Le - [EMAIL PROTECTED]

On Mon, 23 Aug 1999, Joshua Chamas wrote:

> Date: Mon, 23 Aug 1999 12:09:40 -0700
> From: Joshua Chamas <[EMAIL PROTECTED]>
> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> Subject: Port 8080 Scans - Democracy ?
> 
> Hey,
> 
> I run a small network, and can afford to respond to most port
> scans that sweep by, usually first to the originating network
> admins, and sometimes the upstream ISPs.
> 
> Many of the scans that hit my network, especially on the 
> weekends, are of the port 8080 variety, sometimes including
> port 3128, which seem to be looking for HTTP Proxy services.
> 
> Often these scans are coming from China, so I started thinking
> that maybe these were students looking for a relay point
> to surf the web without being blocked, a little freedom of 
> information, and that I was doing a disservice by ratting
> them out.
> 
> We don't run any HTTP Proxies on our network, so it wouldn't
> hurt us to stop reporting on them, but I wanted to see
> if there was similar sentiment to mine that these might
> be benign scans that, in the name of democracy, we might
> want to stop reporting on in general ?
> 
> Any opinions?
> 
> -- Joshua
> ______________________________________________________________________
> Joshua Chamas                      Chamas Enterprises Inc.
> NODEWORKS - web link monitoring    Long Beach, CA  USA  1-562-432-2469
> http://www.nodeworks.com           http://www.chamas.com
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
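An added example, not part of either message: one way to act on the "check your web server logs" advice by flagging proxy-style requests per source address. It assumes Common or Combined Log Format and that the "ProxyHunter" string appears somewhere in the logged line; the sample lines, addresses and reason labels are constructed for illustration.

```python
import re
from collections import defaultdict

# Common/Combined Log Format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)
ABSOLUTE_URI = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)

def classify(line):
    """Return (source, reasons) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = m.group("request").split()
    method = parts[0].upper() if parts else ""
    target = parts[1] if len(parts) > 1 else ""
    reasons = set()
    # A browser talking to an origin server sends a path; CONNECT or an
    # absolute URI means the client is treating this host as a proxy.
    if method == "CONNECT":
        reasons.add("connect-method")
    elif ABSOLUTE_URI.match(target):
        reasons.add("absolute-uri")
    # Assumption: the scanner's self-reported name is logged in the line.
    if "proxyhunter" in line.lower():
        reasons.add("proxyhunter-string")
    # A 2xx reply to a proxy-style request needs a manual look: the server
    # may have relayed it, or may only have served its own page.
    if reasons & {"connect-method", "absolute-uri"} and m.group("status")[0] == "2":
        reasons.add("answered-2xx")
    return m.group("src"), reasons

def summarize(lines):
    """Map each source address to the union of reasons seen for it."""
    hits = defaultdict(set)
    for line in lines:
        result = classify(line)
        if result and result[1]:
            hits[result[0]] |= result[1]
    return dict(hits)

# Constructed sample lines (documentation address ranges).
SAMPLE = [
    '192.0.2.10 - - [23/Aug/1999:12:01:07 -0700] "GET http://www.example.com/ HTTP/1.0" 404 207 "-" "ProxyHunter"',
    '192.0.2.10 - - [23/Aug/1999:12:01:08 -0700] "CONNECT www.example.com:443 HTTP/1.0" 405 0 "-" "-"',
    '198.51.100.7 - - [23/Aug/1999:12:02:00 -0700] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [23/Aug/1999:12:03:30 -0700] "GET http://www.example.org/ HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    for src, reasons in sorted(summarize(SAMPLE).items()):
        print(src, ", ".join(sorted(reasons)))
```

Any source flagged `answered-2xx` is the one to follow up first, since it is the case where a listener on 80, 8080 or 3128 may actually be usable as an open proxy.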
