Re: Port 1080

["D.Spezialie" <dspezialie () optusnet com au>]

Dear Chris,

Port 1080 is a Socks Proxy port,  on that note if you server is a Redhat 
distro I would put my money on the Redhat Network Update Tool that is 
misconfigured/not-configured.  I have expierienced this type of activity 
before from the Redhat 7.3 and 8.0 distros trying to contact RHN 
*constantly* through my firewall.  On those distros the RHN daemon "out 
of the box" is started automatically.

D.


Chris Gross wrote:
> We had a large spike in connections through our firewall and we tracked it
> down to a Linux 8.0 server. It was creating about 200K connections with a
> source and destination port of 1080. Has anyone else seen this.
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com