Dear Chris, Port 1080 is a Socks Proxy port, on that note if you server is a Redhat distro I would put my money on the Redhat Network Update Tool that is misconfigured/not-configured. I have expierienced this type of activity before from the Redhat 7.3 and 8.0 distros trying to contact RHN *constantly* through my firewall. On those distros the RHN daemon "out of the box" is started automatically. D. Chris Gross wrote: > We had a large spike in connections through our firewall and we tracked it > down to a Linux 8.0 server. It was creating about 200K connections with a > source and destination port of 1080. Has anyone else seen this. > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Nov 24 2002 - 14:17:48 PST