Security Incidents mailing list archives

RE: Port 1080

From: Krueger Lawrence <Lawrence.Krueger () kohler com>
Date: Fri, 22 Nov 2002 08:39:01 -0600

Port 1080 is a socks proxy server and the attacker was using this server as
a middle man in this attack to protect his true ip.

LK

-----Original Message-----
From: Chris Gross [mailto:chris () hugehosting com]
Sent: Wednesday, November 20, 2002 4:57 PM
To: Incidents Mailing List
Subject: Port 1080

We had a large spike in connections through our firewall and we tracked it
down to a Linux 8.0 server. It was creating about 200K connections with a
source and destination port of 1080. Has anyone else seen this.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Port 1080 Chris Gross (Nov 21)
- Re: Port 1080 D.Spezialie (Nov 24)
- <Possible follow-ups>
- RE: Port 1080 Krueger Lawrence (Nov 25)