Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Socks port 1080

From: r.fulton () AUCKLAND AC NZ (Russell Fulton)
Date: Fri, 21 Jan 2000 12:29:21 +1300

On Thu, 20 Jan 2000 09:41:36 -0800 Heman Leopando
<hleopando () QUICKNET NET> wrote:


Any reason why someone would connect to port 1080?

Are they using it as a bounce server for IRC?



Hackers use badly configured socks servers to launder connections.  The
Wingate program for windows is notorious for this.  Older version were
wide open by default, they also had a builtin telnet proxy which was
wide open.  OH yes, and no logging.

The problem of socks abuse has got so bad in the IRC community that
Undernet now probe all machines that attach and warn people if they are
running open socks servers.

So if you are seeing probes on 1080 then, if they come from machines in
the undernet.org domain then they are benign (There is a web page that
describes what they are doing on their site), otherwise it will
probably be some looking for a way to hide the identity behind a proxy.

Cheers, Russell.
Previous By Date Next
Previous By Thread Next

Current thread: