Increasing connexions on SOCKS 1080/TCP port
Since the 28 April, our HoneyNet has reveal increasing connexions on SOCKS 1080/TCP port. These trend is confirmed by the stats on SANS ISC.
Most of time these trends are given by Firewall reporting, but an IDS how is configured to report activities on non used TCP, or UDP, ports, could also trigger alerts. If you use the Emerging Threats “Known Compromised Hosts” and “Recommended Block List“, correlation between Firewall activities and IDS signatures will give you a better overview on the attacker.