RE: Port 1080

From: Krueger Lawrence (Lawrence.Kruegerat_private)
Date: Fri Nov 22 2002 - 06:39:01 PST


    Port 1080 is a SOCKS proxy server and the attacker was using this server as
    a middle man in this attack to protect his true IP.
    
    LK
    
    -----Original Message-----
    From: Chris Gross [mailto:chrisat_private]
    Sent: Wednesday, November 20, 2002 4:57 PM
    To: Incidents Mailing List
    Subject: Port 1080
    
    
    We had a large spike in connections through our firewall and we tracked it
    down to a Linux 8.0 server. It was creating about 200K connections with a
    source and destination port of 1080. Has anyone else seen this?
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
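
A triage check for the spike described in the original message, as an added example that is not from either poster: it counts, per source host, firewall-logged TCP flows to port 1080 and separates those whose source port is also 1080. The iptables-style log format, the threshold, the function name and the sample addresses are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed iptables-style LOG line; adapt the pattern to your firewall's format.
FLOW = re.compile(r"SRC=(\S+) DST=(\S+) .*?PROTO=TCP SPT=(\d+) DPT=(\d+)")

def summarize_port_1080(lines, threshold=3):
    """Per source host, count TCP flows to destination port 1080.

    'both'   = source and destination port are 1080 (the pattern reported)
    'client' = destination 1080 from any other source port
    A host is flagged when its total reaches the (assumed) threshold.
    """
    stats = defaultdict(lambda: {"both": 0, "client": 0, "dsts": set()})
    for line in lines:
        m = FLOW.search(line)
        if not m:
            continue  # not a TCP flow record in the assumed format
        src, dst, spt, dpt = m.group(1), m.group(2), int(m.group(3)), int(m.group(4))
        if dpt != 1080:
            continue
        entry = stats[src]
        entry["both" if spt == 1080 else "client"] += 1
        entry["dsts"].add(dst)
    return {
        src: {
            "both": e["both"],
            "client": e["client"],
            "unique_dsts": len(e["dsts"]),
            "flagged": e["both"] + e["client"] >= threshold,
        }
        for src, e in stats.items()
    }

# Constructed sample log lines (documentation address ranges, not real hosts).
PREFIX = "Nov 20 16:50:01 fw kernel: IN=eth1 OUT=eth0 "
SAMPLE_LOG = [
    f"{PREFIX}SRC=192.0.2.10 DST=198.51.100.{i} LEN=60 PROTO=TCP SPT=1080 DPT=1080 SYN"
    for i in range(1, 5)
] + [
    f"{PREFIX}SRC=192.0.2.20 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=40212 DPT=1080 SYN",
    f"{PREFIX}SRC=192.0.2.30 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=51514 DPT=80 SYN",
]

if __name__ == "__main__":
    for host, info in summarize_port_1080(SAMPLE_LOG).items():
        print(host, info)
```
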
    



    This archive was generated by hypermail 2b30 : Mon Nov 25 2002 - 09:43:35 PST