GEN:SID | 1:615 |
Message | SCAN SOCKS Proxy attempt |
Summary | An external host has requested to start communications with your host on port 1080. |
Impact | Network reconnaissance. |
Detailed Information | Improperly configured SOCKS proxies can be abused to allow a hostile user to launch attacks and make them appear to come from your site. Additionally, if the proxy is behind a firewall or is a trusted host, it can be used to gain further access into your network and other hosts. |
Affected Systems | Any system with a SOCKS proxy server installed. |
Attack Scenarios | An attacker uses your misconfigured proxy to anonymize their other illegitimate activities or to gain further access to your network. |
Ease of Attack | Trivial or extremely difficult, depending on proxy configuration. |
Corrective Action | Allow only internal users to connect to the proxy, or configure strong access control. |
Additional References | UnderNet: http://help.undernet.org/proxyscan/ |
Rule References | url: help.undernet.org/proxyscan/ |