
Re: IDS: Connect to port 1080



FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicted mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------


     I guess that someone is trying to locate a socks5 proxy on your
machine. In a default installation, socks5 will listen on port 1080.
You can use ethereal or, as I would recommend, my netxmon to see what this
session will try to send. The socks5 format is not very difficult to
detect.
     If they are trying to locate a socks5 server, it will normally
be seen as a scan, with not much serious consequence, although a furious
e-mail to him will definitely stop him/her from such kinds of foolishness. :-).
Best regards.
Zhang
-------------------------------------------------------------------------------
* Welcome to my homepage:             | Address: 14#315 Tsinghua University   *
*    http://compass.net.edu.cn:8000/  |                  Beijing ,China       *
*                                     | Tel: 86-10-62785005-505               *
* Download NetXMon NOW!               | ICQ#: 37568718                        *
*                                     | Email:zhang@public.bjnet.edu.cn       *
-------------------------------------------------------------------------------

On Fri, 28 May 1999 bkho@umac.mo wrote:

> From: bkho@UMAC on 05/28/99 12:38 PM
> 
> 
> 
> Dear Sirs,
> 
> We installed portsentry in our solaris machines and detected that someone has
> tried to connect to our machines with the port 1080 almost daily.
> 
> ....
> portsentry[8399]: attackalert: Connect from host: 202.120.6.41/202.120.6.41 to
> TCP port: 1080
> portsentry[8399]: attackalert: Host: 202.120.6.41 is already blocked. Ignoring
> ..
> 
> I am wondering whether it is an attack or not? and why they are doing this?
> 
> Regards,
> Fiona
>
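
Added example, not part of either message above: a small classifier for the first client bytes captured from a session to TCP port 1080 (for instance with ethereal), recognising the SOCKS5 greeting layout from RFC 1928. It goes slightly beyond the thread by also recognising a SOCKS4 request; the function name and the sample payloads are constructed for illustration.

```python
import ipaddress

# Authentication method codes defined in RFC 1928, section 3.
SOCKS5_METHODS = {0x00: "no-auth", 0x01: "gssapi", 0x02: "user/pass"}
SOCKS4_COMMANDS = {0x01: "connect", 0x02: "bind"}


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first client payload of a TCP session to port 1080."""
    if not data:
        # Handshake completed but nothing was sent: a plain connect() probe.
        return {"kind": "connect-only"}
    if data[0] == 0x05:
        # SOCKS5 greeting: VER(1) | NMETHODS(1) | METHODS(NMETHODS)
        if len(data) < 2 or data[1] == 0 or len(data) < 2 + data[1]:
            return {"kind": "socks5-malformed"}
        offered = data[2:2 + data[1]]
        return {"kind": "socks5-greeting",
                "methods": [SOCKS5_METHODS.get(m, hex(m)) for m in offered]}
    if data[0] == 0x04:
        # SOCKS4 request: VN(1) | CD(1) | DSTPORT(2) | DSTIP(4) | USERID | NUL
        if (len(data) < 9 or data[1] not in SOCKS4_COMMANDS
                or b"\x00" not in data[8:]):
            return {"kind": "socks4-malformed"}
        port = int.from_bytes(data[2:4], "big")
        return {"kind": "socks4-request",
                "command": SOCKS4_COMMANDS[data[1]],
                "dst": f"{ipaddress.IPv4Address(data[4:8])}:{port}"}
    return {"kind": "not-socks"}


# Constructed sample payloads (not taken from the traffic in this thread).
SAMPLES = {
    "socks5 no-auth": b"\x05\x01\x00",
    "socks5 two methods": b"\x05\x02\x00\x02",
    "socks5 short": b"\x05\x03\x00",
    "socks4 connect": b"\x04\x01\x00\x50\xc0\x00\x02\x01\x00",
    "http probe": b"GET / HTTP/1.0\r\n\r\n",
    "no payload": b"",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:20} {classify_first_bytes(payload)}")
```

A "connect-only" result matches what portsentry reports above: the connection was made but no proxy request followed, which is consistent with a port scan rather than proxy use.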