At 12:20 PM 10/23/01, Kai r. s., euroweb as wrote: >In my logs I am getting used to port scans but yesterday I got like 100 >records from this Ip: > >Oct 22 09:05:43 attackalert: SYN/Normal scan from host: >dsl-64-128-180-129.telocity.com/64.128.180.129 to TCP port: 1080 > >What can this be, and is there some exploit regarding port 1080, lately it >seems that scans to port 1080 is getting more normal than the never ending >scans to port 111.
Port 1080 is used by Socks, which is a generic proxy service. If your machine isn't listening on that port (run "netstat -nap"; look in the "Local Address" column), don't worry about it. FYI, www.portsdb.org is a good source to find out what services listen on what ports. -------------------------------------------------------------------------- Ted Behling, Web Application Developer - Monarch Information Systems, Inc. 43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434 E-mail: mailto:[EMAIL PROTECTED] Phone/Fax: 1-800-842-7894 Local or Outside the USA: 1-843-842-7894 Cell Phone (urgent issues): 843-816-7895 Cell Phone E-mail: mailto:[EMAIL PROTECTED] (116 letter limit) Web site: http://www.MonarchIS.net -------------------------------------------------------------------------- _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
