RE: Need help with Scan Socks Proxy Attempts

["Ibarra, Michael" <m.ibarra () cdcixis-na com>]

Do you run a socks server? If so, is it accsible from the outside?
If not, then why is this port open? If your sensor is behind a 
screening router, then use that to your advantage and block what 
you do not need, that way you should never see it, well hopefully
:-)

-mike

-----Original Message-----
From: Ed Kasky [mailto:ed () esson net]
Sent: Thursday, October 03, 2002 1:39 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Need help with Scan Socks Proxy Attempts


Our little network has all of a sudden been hit with over 5,000 Scan Sock 
Proxy Attempts to port 1080 in the last 72 hours.  More than half of these 
have come from one source!!

1.  Are these something I need to concern myself with?
2.  If they are, is there anything else I can do aside from blocking the 
ip's using hosts.deny??

Thanks in advance for any advice.....


Ed Kasky


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users