ftp scans and socks

From: Mark Borrie (markat_private)
Date: Tue Jul 31 2001 - 22:07:49 PDT


    Hi all
    
    I am watching a Solaris system that appears to be conducting ftp scans of 
    remote IPs. Looking at the traffic to and from our system I am seeing a 
    socks port (1080) connection immediately prior to each attempted ftp 
    connection.
    
    Does anyone know of any exploits that use sockd to carry out ftp (or other) 
    scans?
    
    Mark.
    
    --
    Mark Borrie
    Systems Support Specialist and IT Security Officer,
    Information Technology Services, University of Otago,
    Dunedin, N.Z.
    Ph +64 3 479-8395, Fax +64 3 479-5080
    
    For information on email virus hoaxes see
    http://HoaxBusters.ciac.org/
    
    
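One way to check the pattern described in the message against captured connection records, as an added example that is not part of the original post: if the FTP attempts are relayed through the host's SOCKS service, each outbound port 21 connection should pair with an inbound port 1080 connection just before it, and the paired client is the address to investigate. The record format, the addresses, the 5-second window and the function names are assumptions, and the sample flows are constructed.

```python
from datetime import datetime, timedelta

LOCAL_HOST = "192.0.2.10"       # assumed address of the monitored host
SOCKS_PORT, FTP_PORT = 1080, 21
WINDOW = timedelta(seconds=5)   # assumed meaning of "immediately prior"

# Constructed sample flow records: time, source, source port, destination, destination port
SAMPLE_FLOWS = """\
2001-07-31T21:00:01 198.51.100.7 40112 192.0.2.10 1080
2001-07-31T21:00:02 192.0.2.10 32801 203.0.113.5 21
2001-07-31T21:00:04 198.51.100.7 40113 192.0.2.10 1080
2001-07-31T21:00:05 192.0.2.10 32802 203.0.113.6 21
2001-07-31T21:03:00 192.0.2.10 32810 203.0.113.99 21
2001-07-31T21:05:00 198.51.100.44 51000 192.0.2.10 1080
2001-07-31T21:05:30 192.0.2.10 32811 203.0.113.7 80
"""

def parse_flows(text):
    """Parse whitespace-separated flow records into time-sorted tuples."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, sport, dst, dport = parts
        flows.append((datetime.fromisoformat(ts), src, int(sport), dst, int(dport)))
    return sorted(flows)

def correlate(flows, local=LOCAL_HOST, window=WINDOW):
    """Pair each outbound FTP attempt with a preceding inbound SOCKS connection."""
    pending = []                  # inbound SOCKS connections not yet paired
    relayed, unexplained = [], []
    for ts, src, _sport, dst, dport in flows:
        if dst == local and dport == SOCKS_PORT:
            pending.append((ts, src))
        elif src == local and dport == FTP_PORT:
            pending = [p for p in pending if ts - p[0] <= window]
            if pending:           # heuristic: take the most recent SOCKS client
                relayed.append((pending.pop()[1], dst, ts))
            else:                 # FTP attempt with no SOCKS connection before it
                unexplained.append((dst, ts))
    return relayed, unexplained

if __name__ == "__main__":
    relayed, unexplained = correlate(parse_flows(SAMPLE_FLOWS))
    for client, target, ts in relayed:
        print(f"{ts} SOCKS client {client} -> FTP target {target}")
    for target, ts in unexplained:
        print(f"{ts} FTP to {target} with no preceding SOCKS connection")
```

FTP attempts that land in the unexplained list did not follow a SOCKS connection and point to a process on the host itself rather than a relayed client.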
    



    This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 22:28:36 PDT