Greg Stewart wrote:
>
> > ?? What/why would a socks proxy port port be probed ??
>
> Socks is a network proxy protocol used to provide NAT access for one section
> of a network to another. It is possible that the machine from which the
> packets came is hitting you or everyone (I haven't seen your packet log
> entry, so I can't decipher it) in an attempt to detect its proxy.
>
> This probably indicates a mis-configured machine on your segment of your
> ISP's network, or that is less than a certain number of hops distance from
> your machine so that the packets do not time out before getting to you.
>
> Socks and DNS, even DHCP hits on your machine usually don't pose a threat at
> all. It's just that someone seems not to know what they're doing--most often
> on Windows machines. Check to see (or include the packet log entry) that the
> destination is 255.255.255.255, or "broadcast". If this is so, then it's
> definitely not an attack. If otherwise, I would guess it's a
> mis-configuration.
Thanks Greg.
Yes it does seem to be mis-config. There is no consistancy in the source
IPs and the entry does show up as 'broadcast' as well.
My curiousity was in that all the other probes have been pretty
obvious as to what they were - these just seemed a bit different.
Cheers
--
ICQ# 89345394 Mailto: [EMAIL PROTECTED]
"The number of UNIX installations has grown to 10, with more expected"
(The UNIX Programmer's Manual, 2nd Edition, June 1972.)
