From owner-freebsd-security  Fri Aug 14 22:35:37 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA19550
          for freebsd-security-outgoing; Fri, 14 Aug 1998 22:35:37 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA19545
          for <freebsd-security@FreeBSD.ORG>; Fri, 14 Aug 1998 22:35:36 -0700 (PDT)
          (envelope-from mike@sentex.net)
Received: from ospf-mdt.sentex.net (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.6/8.6.9) with SMTP id BAA21135; Sat, 15 Aug 1998 01:34:42 -0400 (EDT)
From: mike@sentex.net (Mike Tancsa)
To: marquis@roble.com (Roger Marquis)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Scans to ports 1090 and 1080
Date: Sat, 15 Aug 1998 05:32:00 GMT
Message-ID: <35d51c2b.284276748@mail.sentex.net>
References: <Pine.SUN.3.96.980814214044.12358B-100000@roble.com>
In-Reply-To: <Pine.SUN.3.96.980814214044.12358B-100000@roble.com>
X-Mailer: Forte Agent .99e/32.227
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 14 Aug 1998 21:41:59 -0700 (PDT), in sentex.lists.freebsd.misc
you wrote:

>Has anyone heard of vulnerabilities on ports 1080 or 1090?  These look
>like straight scans otherwise.

I see 1080 scans all the time.. Its IRC kiddies looking for an open
SOCKS proxy to hide their location.  I remember once installing  SOCKS
on a machine and I had it configured to be open for no more than
perhaps 30min.  Someone hit it in that interval and for months
afterwards I would get a dozen hits on it a day.   I guess it got
published on some list somewhere...

	---Mike


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message