[Snort-users] Need help with Scan Socks Proxy Attempts
m.ibarra at ...7065...
Thu Oct 3 11:02:05 EDT 2002
Do you run a socks server? If so, is it accessible from the outside?
If not, then why is this port open? If your sensor is behind a
screening router, then use that to your advantage and block what
you do not need, that way you should never see it, well hopefully
From: Ed Kasky [mailto:ed at ...3483...]
Sent: Thursday, October 03, 2002 1:39 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Need help with Scan Socks Proxy Attempts
Our little network has all of a sudden been hit with over 5,000 Scan Socks
Proxy Attempts to port 1080 in the last 72 hours. More than half of these
have come from one source!!
1. Are these something I need to concern myself with?
2. If they are, is there anything else I can do aside from blocking the
IPs using hosts.deny??
Thanks in advance for any advice.....