Security Incidents mailing list archives
Re: 1080 Incidents
From: Jan Muenther <jan () RADIO HUNDERT6 DE>
Date: Thu, 1 Mar 2001 19:13:45 +0000
Hello there,
It might be interesting to note that nmap scans this port during a normal command line scan and this indication is not necessarily from a IRC based application.
Yes, but if your network is queried only on that port, use of nmap (or Nessus and such) is quite improbable in my view, since these scanners usually scan a wide range of ports, unless you tell them not to.
I was wondering if anybody knew why everyday my firewall gets hit with "attacks" on port 1080 from computers all over the world, mostly dialup accounts in other countries.That's the "SOCKS" port. SOCKS is a generic TCP (and later UDP) proxy method. Lots of the Windows firewall/NAT implmentations use SOCKS compatible proxies as one of their means to get clients through.
The ever so popular Wingate's one of them. I've seen it misconfigured pretty often, since most people don't seem to care any further once their applications work. Cheers, Jan -- Radio HUNDERT,6 Medien GmbH Berlin - EDV - j.muenther () radio hundert6 de
Current thread:
- Re: 1080 Incidents Joe Moll (Mar 01)
- Re: 1080 Incidents Jan Muenther (Mar 01)
- <Possible follow-ups>
- Re: 1080 Incidents David Kennedy CISSP (Mar 22)