Security Incidents mailing list archives

Re: Socks port 1080

From: rmclean () NATDOOR COM (Randy Mclean)
Date: Fri, 21 Jan 2000 11:04:19 -0600


Well from what I've seen, people will scan entire ranges of Ip's only
looking socks and proxy ports(1080 and 8080). There are alot of people who
do this for many reasons, but bigest reason is for spam. Many spamers will
find as many socks proxies as they can use your computer as a relay to your
isp mail/news server. If have a socks port open, SECURE IT. In my
experience a Firewall works great if properly configured also some socks
proxy software will have setting for allowing ip's only a few
hosts(generally a good idea to use RFC 1918 address) . I hope this helps!

At 09:41 AM 1/20/00 -0800, Heman Leopando wrote:

Any reason why someone would connect to port 1080?

Are they using it as a bounce server for IRC?

==============================================
Heman Leopando
MIS/Network Manager
Quicknet Technologies
(415)864-5225 x52
www.quicknet.net


--
Randy Mclean
Security/Network Administrator
rmclean () natdoor com

Current thread:

Re: Korea (was RE: ?), (continued)
- - - Re: Korea (was RE: ?) Patrick Oonk (Jan 28)
    - Re: Korea (was RE: ?) Arrigo Triulzi (Jan 28)
    - Re: Korea (was RE: ?) Dug Song (Jan 28)
    - Re: Korea (was RE: ?) Patrick Oonk (Jan 28)
    - DNS update queries: another sort of suspicious activity. Fyodor (Jan 28)
    - Re: DNS update queries: another sort of suspicious activity. Patrick Oonk (Jan 28)
    - Re: DNS update queries: another sort of suspicious activity. Fyodor (Jan 28)
    - Re: DNS update queries: another sort of suspicious activity. Patrick Oonk (Jan 28)
    - Recent Scans Edwin Covert (Jan 28)
    - Re: DNS update queries: another sort of suspicious activity. Rob Quinn (Jan 31)
    - Re: Socks port 1080 Randy Mclean (Jan 21)
    - Re: Socks port 1080 Richard Bejtlich (Jan 21)
    - Unusual Netstat Listing Rob (Jan 22)