Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to
allow a host outside of a firewall to connect transparently and securely through the firewall. He
wonders if his firewall has been breached. What would be your inference?
A.
Eric network has been penetrated by a firewall breach
B.
The attacker is using the ICMP protocol to have a covert channel
C.
Eric has a Wingate package providing FTP redirection on his network
D.
Somebody is using SOCKS on the network to communicate through the firewall
Explanation:
Port Description:
SOCKS. SOCKS port,used to support outbound tcp services (FTP,HTTP,etc). Vulnerable similar
to FTP Bounce,in that attacker can connect to this port and \bounce\ out to another internal host.
Done to either reach a protected internal host or mask true source of attack. Listen for connection
attempts to this port — good sign of port scans,SOCKS-probes,or bounce attacks. Also a means to
access restricted resources. Example: Bouncing off a MILNET gateway SOCKS port allows
attacker to access web sites,etc. that were restricted only to.mil domain hosts.
D