Since 28 April, our HoneyNet has revealed an increasing number of connections to the SOCKS 1080/TCP port. This trend is confirmed by the stats on SANS ISC.

Most of the time these trends come from firewall reporting, but an IDS that is configured to report activity on unused TCP or UDP ports could also trigger alerts. If you use the Emerging Threats “Known Compromised Hosts” and “Recommended Block List”, correlation between firewall activity and IDS signatures will give you a better overview of the attacker.
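The correlation described above can be sketched as follows. This is an added example, not code from the original post: it counts 1080/TCP firewall events per source and flags sources that appear in a block list. The iptables-style log format, the one-IP-or-CIDR-per-line list format, and all sample data (documentation address ranges) are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample firewall log (iptables-style fields, documentation IP ranges).
FIREWALL_LOG = """\
Apr 28 10:01:12 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=1080 SYN
Apr 28 10:01:15 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP SPT=40113 DPT=1080 SYN
Apr 28 10:02:40 fw kernel: DROP IN=eth0 SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51500 DPT=1080 SYN
Apr 28 10:03:02 fw kernel: DROP IN=eth0 SRC=203.0.113.45 DST=192.0.2.10 PROTO=UDP SPT=51500 DPT=1080
Apr 28 10:04:09 fw kernel: DROP IN=eth0 SRC=203.0.113.99 DST=192.0.2.10 PROTO=TCP SPT=33001 DPT=22 SYN
Apr 28 10:05:30 fw kernel: DROP IN=eth0 SRC=198.51.100.200 DST=192.0.2.12 PROTO=TCP SPT=42000 DPT=1080 SYN
"""

# Constructed stand-in for a block list: one IP or CIDR per line, '#' starts a comment.
BLOCKLIST = """\
# constructed entries, not real list content
198.51.100.0/25
203.0.113.99
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def load_blocklist(text):
    """Parse the list into ip_network objects, skipping comments and blanks."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def correlate(log_text, blocklist_text, port=1080, proto="TCP"):
    """Return {src: {"events": n, "listed": bool}} for hits on port/proto."""
    nets = load_blocklist(blocklist_text)
    hits = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("DPT") == str(port) and f.get("PROTO") == proto and "SRC" in f:
            hits[f["SRC"]] += 1
    report = {}
    for src, count in hits.items():
        addr = ipaddress.ip_address(src)
        report[src] = {"events": count, "listed": any(addr in n for n in nets)}
    return report

if __name__ == "__main__":
    for src, info in sorted(correlate(FIREWALL_LOG, BLOCKLIST).items()):
        print(src, info)
```

Sources that are both active on 1080/TCP and already listed are the ones where firewall and IDS views agree; unlisted sources with many events are candidates for closer inspection.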

24 hours destination port 1080/TCP events

1 week destination port 1080 events

1 month destination port 1080/TCP events

1 year destination port 1080/TCP events

Destination port 1080 source country distribution
