[Snort-users] Need help with Scan Socks Proxy Attempts

Ibarra, Michael m.ibarra at ...7065...
Thu Oct 3 11:02:05 EDT 2002

Do you run a socks server? If so, is it accsible from the outside?
If not, then why is this port open? If your sensor is behind a 
screening router, then use that to your advantage and block what 
you do not need, that way you should never see it, well hopefully


-----Original Message-----
From: Ed Kasky [mailto:ed at ...3483...]
Sent: Thursday, October 03, 2002 1:39 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Need help with Scan Socks Proxy Attempts

Our little network has all of a sudden been hit with over 5,000 Scan Sock 
Proxy Attempts to port 1080 in the last 72 hours.  More than half of these 
have come from one source!!

1.  Are these something I need to concern myself with?
2.  If they are, is there anything else I can do aside from blocking the 
ip's using hosts.deny??

Thanks in advance for any advice.....

Ed Kasky

More information about the Snort-users mailing list