myNetWatchman KnowledgeBase
Pooling knowledge to
secure the internet.
|
 |
The normal user of this port is for SOCKS proxying.
It is probed often as attackers are looking for servers that will allow proxying from any IP address (an open SOCKS proxy).
By proxying activity through an open SOCKS proxy, the attacker can hide disguise their activity and avoid detection.
It is also common practice for IRC and some game servers to perform an open proxy test when you connect to their server. This is to prevent denial of service attacks through open proxies which are a serious problem in the IRC community. So if the host that probed you is an IRC server or game server you just connected to, then this is expected behavior and should be ignored.
|
