/proxy/ URL scans with IP addresses, (Mon, Mar 16th)
Summary
The SANS Internet Storm Center observed an increase in scanning attempts targeting proxy servers. Attackers are using various methods, including specific URL prefixes like "/proxy/", to identify and potentially exploit these servers.
IFF Assessment
FOE
This indicates an increase in reconnaissance activities by attackers looking for vulnerable proxy servers.
Defender Context
Defenders should be aware of increased scanning for proxy servers, as these can be entry points for further attacks. Monitoring network traffic for unusual requests targeting proxy services is crucial, and ensuring proxy servers are properly configured and patched can mitigate risks.