From owner-freebsd-security Sun Nov 8 02:46:51 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA23503 for freebsd-security-outgoing; Sun, 8 Nov 1998 02:46:51 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from gjp.erols.com (alex-va-n008c079.moon.jic.com [206.156.18.89]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA23497 for ; Sun, 8 Nov 1998 02:46:49 -0800 (PST) (envelope-from gjp@gjp.erols.com) Received: from gjp.erols.com (gjp@localhost.erols.com [127.0.0.1]) by gjp.erols.com (8.9.1/8.8.7) with ESMTP id FAA10080; Sun, 8 Nov 1998 05:46:15 -0500 (EST) (envelope-from gjp@gjp.erols.com) X-Mailer: exmh version 2.0.1 12/23/97 To: Christoph Kukulies cc: freebsd-security@FreeBSD.ORG From: "Gary Palmer" Subject: Re: port 1080 scans In-reply-to: Your message of "Sun, 08 Nov 1998 10:38:06 +0100." <199811080938.KAA06024@gilberto.physik.RWTH-Aachen.DE> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 08 Nov 1998 05:46:14 -0500 Message-ID: <10076.910521974@gjp.erols.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Christoph Kukulies wrote in message ID <199811080938.KAA06024@gilberto.physik.RWTH-Aachen.DE>: > In our campus network we are increasingly observing port > scan attacks from outer sites on port 1080 (socks). My bet is that they are not looking for security holes, but rather open socks `relays' to be used like open WinGates and mask the packet trails. I had socks5 on my machine at home for less than 24 hours before someone tried to use it to gain access to an IRC server, making it look like my machine was the packet source. Gary -- Gary Palmer FreeBSD Core Team Member FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message