The Honeynet ProjectThe Honeynet Project

  • Old Homepage

Navigation

  • About us
  • Blogs
    • Honeynet Project Blog
  • Funding/Donations
  • Challenges
  • Chapters
  • Papers
  • Projects
  • Google SoC 2009
  • Create content
  • Google SoC 2010
  • Google SoC 2011
  • Latest images
  • Security Workshops
    • 2011 - Paris
    • 2012 - SF Bay Area
      • General Information
      • Mar. 19 - Agenda
      • Mar. 20 - Hands-on tutorial training
      • Partner & Sponsorship
      • Register now!
      • Travel & Lodging

Internal

  • Login
Home › Know Your Enemy Lite: Proxy Threats - Socks v666

REFERENCES

Mon, 08/18/2008 - 19:58 — jamie.riden

SOCKS5 (RFC1928) http://tools.ietf.org/html/rfc1928
CHAOSREADER http://chaosreader.sf.net/

Snort IDS Signatures (EmergingThreats) http://www.emergingthreats.net/index.php/2007/07/16/new-proxy-bot-method-and-sigs/

‹ ACKNOWLEDGEMENTSup
  • Printer-friendly version

Aggregated Blog

We are a 501c3 non-profit, all volunteer organization. Consider donating to support our forensic challenges, tools development, and research.





Papers

  • INTRODUCTION
  • SOCKS BACKGROUND
  • HOW AND WHY SOCKS v666 PROXY NETWORKS WORK
  • DETAILED EXAMPLE
  • TCP SESSION REASSEMBLY AND DECODING
  • DETECTION AND MITIGATION
  • CONCLUSION
  • ACKNOWLEDGEMENTS
  • REFERENCES