Security Incidents
mailing list archives
Re: Port 1080
From: "D.Spezialie" <dspezialie () optusnet com au>
Date: Fri, 22 Nov 2002 16:55:56 +1000
Dear Chris,
Port 1080 is a Socks Proxy port. On that note, if your server is a Redhat
distro I would put my money on the Redhat Network Update Tool that is
misconfigured/not-configured. I have experienced this type of activity
before from the Redhat 7.3 and 8.0 distros trying to contact RHN
*constantly* through my firewall. On those distros the RHN daemon "out
of the box" is started automatically.
D.
Chris Gross wrote:
We had a large spike in connections through our firewall and we tracked it
down to a Linux 8.0 server. It was creating about 200K connections with a
source and destination port of 1080. Has anyone else seen this?
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------