Same thing's been showing up in my firewall logs, but I've been dismissing
it as a nuissance. Hence my last question to incidents...when does this
community consider it a hostile act?
-----Original Message-----
From: Mark Borrie [mailto:mark_at_gandalf.otago.ac.nz]
Sent: Wednesday, August 01, 2001 1:08 AM
To: incidents_at_securityfocus.com
Subject: ftp scans and socks
Hi all
I am watching a solaris system that appears to be conducting ftp scans of
remote IPs. Looking at the traffic to and from our system I am seeing a
socks port (1080) connection immediately prior to each attempted ftp
connection.
Does any one know of any expoits that use sockd to carry out ftp (or other)
scans?
Mark.
--
Mark Borrie
Systems Support Specialist and IT Security Officer,
Information Technology Services, University of Otago,
Dunedin, N.Z.
Ph +64 3 479-8395, Fax +64 3 479-5080
For information on email virus hoaxes see
http://HoaxBusters.ciac.org/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Aug 01 2001
Intro
