SOCKS and SPAM
Novell Cool Solutions: Tip
By Michael Cassman
Posted: 14 Jun 2002
Here's a security issue you should know about: outside hosts can relay through the BorderManager SOCKS proxy if access rules are not set up. The SOCKS proxy on BorderManager listens on all bound IP addresses, and the default packet filters allow incoming connections to this port.
The SOCKS proxy is typically enabled for AOL Instant Messenger. Instead, you can disable the SOCKS proxy and create a stateful packet filter for port 5190 to login.oscar.aol.com.
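A way to audit your own server's public address for this condition, as an added example that is not part of the original tip. It assumes the gateway speaks standard SOCKS4 or SOCKS5 on port 1080; `audit`, `probe` and the canary address (a listener you control) are hypothetical names.

```python
import socket
import struct

SOCKS_PORT = 1080  # assumed: the standard SOCKS port

def socks5_greeting():
    # VER=5, NMETHODS=1, METHOD=0x00 ("no authentication required")
    return b"\x05\x01\x00"

def classify_socks5(reply):
    if not reply:
        return "filtered-or-closed"
    if len(reply) < 2 or reply[0] != 0x05:
        return "not-socks5"
    if reply[1] == 0x00:
        return "open-no-auth"      # anyone who can reach the port may use it
    if reply[1] == 0xFF:
        return "refused"           # no acceptable method offered
    return "auth-required"

def socks4_connect(dest_ip, dest_port):
    # VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, empty USERID, NUL terminator
    return struct.pack("!BBH4s", 4, 1, dest_port, socket.inet_aton(dest_ip)) + b"\x00"

def classify_socks4(reply):
    if not reply:
        return "filtered-or-closed"
    if len(reply) < 2 or reply[0] != 0x00:
        return "not-socks4"
    return "relay-granted" if reply[1] == 0x5A else "rejected"

def probe(host, payload, port=SOCKS_PORT, timeout=5.0):
    # Returns the first bytes of the reply, or b"" if the port is unreachable.
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            return s.recv(8)
    except OSError:
        return b""

def audit(host, canary_ip, canary_port):
    # host: your server's public address; canary: a listener you control.
    return {
        "socks5": classify_socks5(probe(host, socks5_greeting())),
        "socks4": classify_socks4(probe(host, socks4_connect(canary_ip, canary_port))),
    }
```

Run `audit` from a machine outside the firewall; once access rules or packet filters are in place, neither result should be `open-no-auth` or `relay-granted`.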
Check out these TIDs for more details:
- Enabling Socks gateway allows BorderManager server to be used for spamming: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10068600.htm
- The public ip address is being used as a proxy (no filters loaded): http://support.novell.com/cgi-bin/search/searchtid.cgi?/10064345.htm
- How to avoid Mail Proxy being used to spam or forward mail: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10013929.htm
For related info, search the newsgroups at http://www.deja.com for:
- SOCKS PROXY SPAM
- BorderManager 1080 SPAM
- SOCKS and SPAM