| Check Point Reference: | CPAI-2004-25 |
| Date Published: | 1 Feb 2005 |
| Last Updated: | 5 Dec 2013 |
| Protection Provided by: | |
|Who is Vulnerable?|
This protection enforces the SOCKS protocol. Non-SOCKS communication over the SOCKS protocol port (1080 by default) will be blocked. You may also block SOCKS version 4 only, or any unauthenticated SOCKS communication (often used by trojans to tunnel information).
For the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: SOCKS Enforcement Violation.
Attack Information: Sun Java System Web Proxy sockd Daemon buffer overflow. SOCKS enforcement violation detected on connection. SOCKS version other than version 5 detected on connection. Unauthenticated SOCKS protocol detected on connection.
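The three checks described above (non-SOCKS traffic on the SOCKS port, SOCKS version 4, unauthenticated SOCKS) can be illustrated with a small classifier over the first bytes of a connection. This is an added example, not Check Point's code; the function name, verdict strings and policy flags are hypothetical, and the byte layouts are taken from RFC 1928 and the SOCKS4 request format.

```python
# Added example: classify the first bytes seen on the SOCKS port (1080 by default).
# Field layouts follow RFC 1928 (SOCKS5) and the SOCKS4 request format.
# Verdict strings and policy flags are assumptions, not Check Point identifiers.

NO_AUTH = 0x00        # SOCKS5 method "no authentication required"
NO_ACCEPTABLE = 0xFF  # SOCKS5 server reply "no acceptable methods"


def classify(client_hello: bytes, server_reply: bytes = b"",
             block_v4: bool = True, block_unauth: bool = True) -> str:
    """Return 'allow', 'incomplete', 'not-socks', 'socks-version-not-5'
    or 'unauthenticated-socks' for the start of one connection."""
    if not client_hello:
        return "incomplete"
    version = client_hello[0]

    if version == 4:
        # SOCKS4 request: VN, CD, DSTPORT(2), DSTIP(4), USERID, NUL
        if len(client_hello) < 2:
            return "incomplete"
        if client_hello[1] not in (1, 2):        # CD: 1=CONNECT, 2=BIND
            return "not-socks"
        if len(client_hello) < 9 or 0 not in client_hello[8:]:
            return "incomplete"                  # USERID terminator not seen yet
        return "socks-version-not-5" if block_v4 else "allow"

    if version != 5:
        return "not-socks"                       # e.g. HTTP or TLS on the SOCKS port

    # SOCKS5 greeting: VER, NMETHODS, METHODS[NMETHODS]
    if len(client_hello) < 2:
        return "incomplete"
    nmethods = client_hello[1]
    if nmethods == 0:
        return "not-socks"
    if len(client_hello) < 2 + nmethods:
        return "incomplete"
    offered = client_hello[2:2 + nmethods]

    if len(server_reply) >= 2:                   # server's method selection: VER, METHOD
        chosen = server_reply[1]
        if server_reply[0] != 5 or (chosen != NO_ACCEPTABLE and chosen not in offered):
            return "not-socks"
        unauth = chosen == NO_AUTH
    else:
        unauth = set(offered) == {NO_AUTH}       # client can only end up unauthenticated
    return "unauthenticated-socks" if unauth and block_unauth else "allow"
```

When the server's method-selection reply is available, it decides the unauthenticated verdict; the client greeting alone is only conclusive when "no authentication" is the sole method offered.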