Submitted By |
Date |
Comment |
|
2012-08-25 16:07:47 |
Planet Lab uses this port as well |
Ronnie |
2010-05-25 20:52:09 |
This port is also used by WinProxy |
Brian Porter |
2004-02-11 00:46:11 |
MyDoom.C / Doomjuice
http://www.lurhq.com/mydoom-c.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOOMJUICE.A
http://us.mcafee.com/virusInfo/default.asp?id=description&;;;virus_k=101002
http://www.sophos.com/virusinfo/analyses/w32doomjuicea.html
http://www.f-secure.com/v-descs/doomjuice.shtml
http://www.viruslist.com/eng/alert.html?id=930701 |
|
2004-02-06 22:18:45 |
The Win32.Mydoom computer-virus opens and listens to the TCP port 3127,
(if this port is already in use, the worm tries the next one free
from the range 3128- 3199). The backdoor appears to have two main
functions: execution of remotely-supplied code, and port forwarding.
Reference: http://www3.ca.com/virusinfo/virus.aspx?ID=38102
|
Johannes Ullrich |
2002-10-12 08:57:51 |
scans on port 3128 usually look for badly configured proxy servers
in order to use them to hide further intrusion attempts or to
bypass company (or country wide) firewall rules restricting access
to certain web sites.
These scans usually come in sets that scan several ports frequently
used by proxies (80,8080...)
Port 3128 is usually used by 'squid', a very popular web proxy server
that is also able to proxy other protocols (e.g. ftp).
If you run a proxy server, make sure it only proxies request from
the inside. The two most common configuration problems are to permit
strangers to use the proxy server to attack other web sites, or even
worse to allow strangers to use the proxy server to access web site
('intranet') sites on the inside. |