Hi, On Sun, 14 Sep 2003 14:31:22 +0200 "Kai Schaetzl" <[EMAIL PROTECTED]> wrote:
> Kristian Koehntopp wrote on Sun, 14 Sep 2003 11:33:06 +0200: > > > http://www.lurhq.com/sobig-e.html reports the following: > > I found this article quite interesting, especially this: > > > Servers who check incoming connections for open proxies will be most interested in > > checking TCP ports 2280, 2282 or 2285. > > Anyone can give hints for such software? (No, not DNS-RBL.) http://www.corpit.ru/mjt/proxycheck.html You can set this to send test results to various DNSBLs so when an open proxy is found, it gets listed. proxycheck can set to be very aggressive in its checks. "proto_port_spec is in the form [proto:][port,port,...]. If portlist is omitted, default ports for given protocols will be tried; if proto is omitted, either all protocols will be tried (if port is not known), or the protocols which are assotiated with this port. The following protocols are recognized: s5 (socks5, socks5, SOCKS5) s4 (socks4, socks4, SOCKS4) wg (wingate, wingate, WINGATE) hc (http, http, HTTP CONNECT) ho (http-post, http, HTTP POST) hu (http-put, http, HTTP PUT) fu (ftp, ftp, FTP USER) The following probes are made (level cf. -a): s5 (level 0): 1080,1180,1075 s4 (level 0): 1080,1180,1075 hc (level 0): 80,81,1075,1182,3128,4480,6588,8000,8080,8081,8090 hc (level 0): 5490 hc (level 1): 7033,8085,8095,8100,8105,8110 ho (level 1): 80,81,1075,1182,3128,4480,6588,8000,8080,8081,8090 wg (level 2): 23,1181 ho (level 2): 7033,8085,8095,8100,8105,8110 s5 (level 2): 1813 hu (level 3): 80,81,1075,1182,3128,4480,6588,8000,8080,8081,8090 fu (level 3): 1183,21 hu (level 4): 7033,8085,8095,8100,8105,8110" http://www.unicom.com/sw/pxytest/ This is a bit more limited but a little easier to use, probing the following: "Port Specification Format: min_port_number-[max_port_number][/proto] (ex: 8080-8085/http-connect) proto values = all, cisco, http, http-connect, http-post, socks4, socks5, telnet, wingate Port Specification Aggregates: basic = 80, 80/http-post, 3128, 8080, 8080/http-post, 8081, 1080/socks4, 1080/socks5, 23/telnet, 23/cisco, 23/wingate, 6588, 1180/socks4 full = basic, 81, 85, 1182, 1282, 4480, 7033, 8000, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 1180/socks5, 1181/cisco, 1181/telnet, 1181/wingate socks = 1080/socks4, 1080/socks5" FWIW, securityscan.sec.rr.com proxy-tests hosts connecting to their mail servers on ports 80, 81, 1080, 1180, 1181, 1182, 3128, 4480, 6588, 8000, 8080, and 8081. customerscan.sec.rr.com scans networks for open proxies on 80, 81, 1080, 1180, 1181, 1182, 3128, 4480, 6588, 8000, and 8080, and despite its name and published policies, customerscan.sec.rr.com has been known to scan non-RoadRunner networks. proxyscan1.isomedia.com has proxy-tested ports 23, 25, 80, 81, 85, 1075, 1080, 1180, 1181, 1182, 1282, 3128, 4480, 5490, 6588, 7033, 8000, 8080, 8081, 8085, 8090, 8095, 8100, 8105, 8110, and 8888. These are given as examples of the scope of reactive proxy testing; I strongly advise against scanning other networks unless you want a call from your ISP. hth, -- Bob Apthorpe ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
