Security Incidents mailing list archives
Re: Port 1080
From: "D.Spezialie" <dspezialie () optusnet com au>
Date: Fri, 22 Nov 2002 16:55:56 +1000
Dear Chris,Port 1080 is a Socks Proxy port, on that note if you server is a Redhat distro I would put my money on the Redhat Network Update Tool that is misconfigured/not-configured. I have expierienced this type of activity before from the Redhat 7.3 and 8.0 distros trying to contact RHN *constantly* through my firewall. On those distros the RHN daemon "out of the box" is started automatically.
D. Chris Gross wrote:
We had a large spike in connections through our firewall and we tracked it down to a Linux 8.0 server. It was creating about 200K connections with a source and destination port of 1080. Has anyone else seen this. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Port 1080 Chris Gross (Nov 21)
- Re: Port 1080 D.Spezialie (Nov 24)
- <Possible follow-ups>
- RE: Port 1080 Krueger Lawrence (Nov 25)