Security Incidents mailing list archives
Re: 1080 Incidents
From: Joe Moll <jmoll-lists () MY-MBOX COM>
Date: Thu, 1 Mar 2001 09:32:00 -0800
It might be interesting to note that nmap scans this port during a normal command line scan and this indication is not necessarily from a IRC based application. Best Regards, jlm At 12:35 PM 2/28/2001 -0700, Ryan Russell wrote:
On Tue, 27 Feb 2001, Sports wrote: > I was wondering if anybody knew why everyday my firewall gets hit > with "attacks" on port 1080 from computers > all over the world, mostly dialup accounts in other countries. That's the "SOCKS" port. SOCKS is a generic TCP (and later UDP) proxy method. Lots of the Windows firewall/NAT implmentations use SOCKS compatible proxies as one of their means to get clients through. The attackers are looking for misconfigured SOCKS compatible servers that they can connect through to hide their tracks. They're popular for IRC for example. The connection appears to the IRC server to come from the victim running the open proxy. Ryan
--- Joseph L. Moll, jmoll () autoproxy com PGP Footprint: F18D 8C1C C1C0 25AD 5D40 BC99 57A3 02E9 F1F5 984E
Current thread:
- Re: 1080 Incidents Joe Moll (Mar 01)
- Re: 1080 Incidents Jan Muenther (Mar 01)
- <Possible follow-ups>
- Re: 1080 Incidents David Kennedy CISSP (Mar 22)