Security Incidents mailing list archives
RE: ftp scans and socks
From: "Jonathan A. Zdziarski" <jonathan.zdziarski () micromuse com>
Date: Wed, 1 Aug 2001 08:24:54 -0400
Same thing's been showing up in my firewall logs, but I've been dismissing it as a nuissance. Hence my last question to incidents...when does this community consider it a hostile act? -----Original Message----- From: Mark Borrie [mailto:mark () gandalf otago ac nz] Sent: Wednesday, August 01, 2001 1:08 AM To: incidents () securityfocus com Subject: ftp scans and socks Hi all I am watching a solaris system that appears to be conducting ftp scans of remote IPs. Looking at the traffic to and from our system I am seeing a socks port (1080) connection immediately prior to each attempted ftp connection. Does any one know of any expoits that use sockd to carry out ftp (or other) scans? Mark. -- Mark Borrie Systems Support Specialist and IT Security Officer, Information Technology Services, University of Otago, Dunedin, N.Z. Ph +64 3 479-8395, Fax +64 3 479-5080 For information on email virus hoaxes see http://HoaxBusters.ciac.org/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- ftp scans and socks Mark Borrie (Jul 31)
- RE: ftp scans and socks Jonathan A. Zdziarski (Aug 01)