http://www.dshield.org/top10.php http://www.dshield.org/topports.php Interesting stuff. -Dan
On Mon, 27 Nov 2000, Dan Hollis wrote: re: http://www.dshield.org/topports.php port 8080 is of course not frequently used for webservers, but frequently used with proxy/cache servers (NetApp NetCache, Squid and alike). Sorry for the off topic comment. --Ariel
http://www.dshield.org/top10.php http://www.dshield.org/topports.php
Interesting stuff.
-Dan
-- Ariel Biener e-mail: ariel@post.tau.ac.il PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
Yup, and if you want to know why people scan for that, take a look at a simple IRC bouncer I whipped up in a few hours with a coworker at work. It bounces through misconfigured Squid or IIS boxes. It was the default on squid until recently. Warning: This code is horrid and likely contains a zillion buffer overruns :D http://raistlin.toledolink.com/~raistlin/httpbounce.tar.gz Jason --- Jason Slagle - CCNA - CCDA Network Administrator - Toledo Internet Access - Toledo Ohio - raistlin@tacorp.net - jslagle@toledolink.com - WHOIS JS10172 /"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \ / ASCII Ribbon Campaign . If dreams are like movies then memories X - NO HTML/RTF in e-mail . are films about ghosts.. / \ - NO Word docs in e-mail . - Adam Duritz - Counting Crows On Mon, 27 Nov 2000, Ariel Biener wrote:
On Mon, 27 Nov 2000, Dan Hollis wrote:
re: http://www.dshield.org/topports.php
port 8080 is of course not frequently used for webservers, but frequently used with proxy/cache servers (NetApp NetCache, Squid and alike).
Sorry for the off topic comment.
--Ariel
http://www.dshield.org/top10.php http://www.dshield.org/topports.php
Interesting stuff.
-Dan
-- Ariel Biener e-mail: ariel@post.tau.ac.il PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
Am I the only one thinking that they should filter out certain boxes (ie: the box named security-scan.home.net)? .. I don't think it's going to be incredibly malicious unless you're a cable-modem customer.. Matt -- Matt Levine, CTO <mlevine@efront.com> eFront Media, Inc. - http://www.efront.com Phone: +1 714 428 8500 ext. 504 Fax : +1 949 203 2156 ICQ : 17080004 -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Dan Hollis Sent: Monday, November 27, 2000 1:19 PM To: 'nanog@merit.edu' Subject: script kiddie probes http://www.dshield.org/top10.php http://www.dshield.org/topports.php Interesting stuff. -Dan
From: Matt Levine <mlevine@efront.com> To: <nanog@merit.edu> Sent: Monday, November 27, 2000 5:11 PM Subject: RE: script kiddie probes
Am I the only one thinking that they should filter out certain boxes (ie: the box named security-scan.home.net)? .. I don't think it's going to be incredibly malicious unless you're a cable-modem customer..
And while they're at it, also remove RFC 1918 addreses, self-assign addresses (169.254). I was underwhelmed when looking at their top 10 and seeing such addresses listed.
participants (5)
-
Ariel Biener
-
Dan Hollis
-
Daniel Senie
-
Jason Slagle
-
Matt Levine