Snort mailing list archives
RE: Need help with Scan Socks Proxy Attempts
From: "Ibarra, Michael" <m.ibarra () cdcixis-na com>
Date: Thu, 3 Oct 2002 14:00:00 -0400
Do you run a socks server? If so, is it accsible from the outside? If not, then why is this port open? If your sensor is behind a screening router, then use that to your advantage and block what you do not need, that way you should never see it, well hopefully :-) -mike -----Original Message----- From: Ed Kasky [mailto:ed () esson net] Sent: Thursday, October 03, 2002 1:39 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Need help with Scan Socks Proxy Attempts Our little network has all of a sudden been hit with over 5,000 Scan Sock Proxy Attempts to port 1080 in the last 72 hours. More than half of these have come from one source!! 1. Are these something I need to concern myself with? 2. If they are, is there anything else I can do aside from blocking the ip's using hosts.deny?? Thanks in advance for any advice..... Ed Kasky ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Need help with Scan Socks Proxy Attempts Ed Kasky (Oct 03)
- <Possible follow-ups>
- RE: Need help with Scan Socks Proxy Attempts Ibarra, Michael (Oct 03)