Brad Spencer said:
At 02:48 PM 4/9/2003 -0700, Justin Mason wrote:
Also some proxies are getting sophisticated, using unusual ports -- so
a full port-scan may be necessary at times.
You are, I hope, aware of the Trojan Horse problem:
http://groups.google.com/groups?selm=aqhj96%2429tp%241%40FreeBSD.csie.NCTU.ed
u.tw&output=gplain
Do any of the "unusual" ports you mention correspond with those listed in
the posting, if I may ask?
That's the Jeem trojan, I've heard of that alright. However, I don't
know for sure what ports might be a good example, since I'm just an avid
user of the DNSBLs in question, not one of the folks writing the testing
tools ;)
There's a good chance that the reason unusual ports are showing up is,
indeed, because of Jeem-infected machines, rather than the traditional
AnalogX style of default-open proxy software.
--j.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg