Security Incidents mailing list archives
Re: 1080 Incidents
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Wed, 28 Feb 2001 12:35:48 -0700
On Tue, 27 Feb 2001, Sports wrote:
I was wondering if anybody knew why everyday my firewall gets hit with "attacks" on port 1080 from computers all over the world, mostly dialup accounts in other countries.
That's the "SOCKS" port. SOCKS is a generic TCP (and later UDP) proxy method. Lots of the Windows firewall/NAT implmentations use SOCKS compatible proxies as one of their means to get clients through. The attackers are looking for misconfigured SOCKS compatible servers that they can connect through to hide their tracks. They're popular for IRC for example. The connection appears to the IRC server to come from the victim running the open proxy. Ryan
Current thread:
- 1080 Incidents Sports (Feb 28)
- Re: 1080 Incidents Ryan Russell (Feb 28)
- Re: 1080 Incidents E, M (Feb 28)