The Honeynet ProjectThe Honeynet Project

  • Old Homepage

Navigation

  • About us
  • Blogs
    • Honeynet Project Blog
  • Funding/Donations
  • Challenges
  • Chapters
  • Papers
  • Projects
  • Code of Conduct
  • Google SoC
    • Google SoC 2013
    • Google SoC 2012
    • Google SoC 2011
    • Google SoC 2010
    • Google SoC 2009
  • GSoC
  • Latest images
  • Security Workshops
    • 2011 - Paris
    • 2012 - SF Bay Area
    • 2013 - Dubai

Internal

  • Login
Home › Know Your Enemy Lite: Proxy Threats - Socks v666

REFERENCES

Mon, 08/18/2008 - 19:58 — jamie.riden

SOCKS5 (RFC1928) http://tools.ietf.org/html/rfc1928
CHAOSREADER http://chaosreader.sf.net/

Snort IDS Signatures (EmergingThreats) http://www.emergingthreats.net/index.php/2007/07/16/new-proxy-bot-method-and-sigs/

‹ ACKNOWLEDGEMENTSup
  • Printer-friendly version

Aggregated Blog

We are a 501c3 non-profit, all volunteer organization. Consider donating to support our forensic challenges, tools development, and research.





Papers

  • INTRODUCTION
  • SOCKS BACKGROUND
  • HOW AND WHY SOCKS v666 PROXY NETWORKS WORK
  • DETAILED EXAMPLE
  • TCP SESSION REASSEMBLY AND DECODING
  • DETECTION AND MITIGATION
  • CONCLUSION
  • ACKNOWLEDGEMENTS
  • REFERENCES