Re: 1080 Incidents

[Jan Muenther <jan () RADIO HUNDERT6 DE>]

Hello there,

> It might be interesting to note that nmap scans this port during a normal
> command line scan and this indication is not necessarily from a IRC based
> application.

Yes, but if your network is queried only on that port, use of
nmap (or Nessus and such) is quite improbable in my view, since
these scanners usually scan a wide range of ports, unless you
tell them not to.

> > > I was wondering if anybody knew why everyday my firewall gets hit
> > > with "attacks" on port 1080 from computers
> > > all over the world, mostly dialup accounts in other countries.
> >
> > That's the "SOCKS" port.  SOCKS is a generic TCP (and later UDP) proxy
> > method.  Lots of the Windows firewall/NAT implmentations use SOCKS
> > compatible proxies as one of their means to get clients through.

The ever so popular Wingate's one of them. I've seen it
misconfigured pretty often, since most people don't seem to care
any further once their applications work.

Cheers, Jan


--
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther () radio hundert6 de