Tag Archives: SOCKS

Increasing connections on SOCKS port 1080/TCP

Since 28 April, our HoneyNet has revealed increasing connections on the SOCKS 1080/TCP port. This trend is confirmed by the stats on SANS ISC.

Most of the time these trends are surfaced by firewall reporting, but an IDS that is configured to report activity on unused TCP or UDP ports could also trigger alerts. If you use the Emerging Threats “Known Compromised Hosts” and “Recommended Block List”, correlating firewall activity with IDS signatures will give you a better overview of the attacker.
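One way to do the correlation described above, as an added example that is not part of the original post: it counts 1080/TCP events per source in firewall logs and marks the sources that appear on a block list. The netfilter-style log format, the one-entry-per-line block list format, the function names and all addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed netfilter-style LOG lines (documentation address ranges only).
SAMPLE_FW_LOG = """\
May  2 10:15:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=45678 DPT=1080 SYN
May  2 10:15:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.11 PROTO=TCP SPT=45679 DPT=1080 SYN
May  2 10:15:09 fw kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=1080 SYN
May  2 10:16:20 fw kernel: IN=eth0 OUT= SRC=192.0.2.200 DST=203.0.113.10 PROTO=UDP SPT=53 DPT=1080
May  2 10:17:42 fw kernel: IN=eth0 OUT= SRC=198.51.100.99 DST=203.0.113.10 PROTO=TCP SPT=40000 DPT=22 SYN
May  2 10:18:00 fw kernel: IN=eth0 OUT= SRC=203.0.113.77 DST=203.0.113.10 PROTO=TCP SPT=40100 DPT=1080 SYN
"""

# Constructed block list (assumed format): one IP or CIDR per line, '#' starts a comment.
SAMPLE_BLOCKLIST = """\
# constructed entries, not real indicators
198.51.100.0/28
192.0.2.44
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def load_blocklist(text):
    """Parse IP/CIDR entries, ignoring blank lines and comments."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def correlate(log_text, blocklist, port=1080, proto="TCP"):
    """Count events to port/proto per source and flag sources on the block list."""
    hits = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") == proto and f.get("DPT") == str(port) and "SRC" in f:
            hits[f["SRC"]] += 1
    report = {}
    for src, count in hits.items():
        addr = ipaddress.ip_address(src)
        listed = next((str(n) for n in blocklist if addr in n), None)
        report[src] = {"events": count, "listed_in": listed}
    return report

if __name__ == "__main__":
    for src, info in correlate(SAMPLE_FW_LOG, load_blocklist(SAMPLE_BLOCKLIST)).items():
        print(src, info)
```

Sources with a non-empty `listed_in` are the ones where firewall activity and block list data agree; unlisted sources with a high event count are candidates for closer review.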

24 hours destination port 1080/TCP events
1 week destination port 1080 events
1 month destination port 1080/TCP events
1 year destination port 1080/TCP events
Destination port 1080 source countries distribution