From owner-freebsd-security  Sun Nov  8 13:21:59 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA23240
          for freebsd-security-outgoing; Sun, 8 Nov 1998 13:21:59 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id NAA23235
          for <freebsd-security@freebsd.org>; Sun, 8 Nov 1998 13:21:56 -0800 (PST)
          (envelope-from imp@village.org)
Received: from harmony [10.0.0.6] 
	by rover.village.org with esmtp (Exim 1.71 #1)
	id 0zccHE-0003L4-00; Sun, 8 Nov 1998 14:21:40 -0700
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.1/8.8.3) with ESMTP id OAA20841; Sun, 8 Nov 1998 14:21:16 -0700 (MST)
Message-Id: <199811082121.OAA20841@harmony.village.org>
To: Security <security@tasam.com>
Subject: Re: port 1080 scans 
Cc: freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Sun, 08 Nov 1998 15:10:58 EST."
		<Pine.BSF.3.96.981108150950.14310A-100000@tasam.com> 
References: <Pine.BSF.3.96.981108150950.14310A-100000@tasam.com>  
Date: Sun, 08 Nov 1998 14:21:16 -0700
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.BSF.3.96.981108150950.14310A-100000@tasam.com>
Security writes: 
: I've noticed our socks5 dumping core quite often. It's stopped now, but
: about a week ago it was acting up.

The socks folks fixed a security hole (usual buffer overrun) in socks5
1.0r5 or so.  I'd upgrade to the latest socks if you haven't already.
The latest FreeBSD port of socks5 has this fix in it.  The core dumps
may indicate that you are under attack and the attacker are Script
|<ids that don't know you aren't running Linux.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message