GEN:SID 1:615
Message SCAN SOCKS Proxy attempt
Summary An external host has requested to start communications with your host on
port 1080.
Impact Network reconnaissance.
Detailed Information Improperly-configured SOCKS proxies can be abused to allow a hostile
user to launch attacks and make them appear to come from your site.

Additionally, if the proxy is behind a firewall or is a trusted host, it
can be used to gain further access into your network and other hosts.
Affected Systems Any system with a SOCKS proxy server installed.
Attack Scenarios Attacker utilizes your misconfigured proxy to anonymize their other
illegitimate activities or gain further access to your network.
Ease of Attack Trivial or extremely difficult, depending on proxy configuration.
Corrective Action Allow only internal users to connect to the proxy, or configure strong
access control.
Additional References UnderNet:
http://help.undernet.org/proxyscan/

Rule References url: help.undernet.org/proxyscan/