Check Point Advisories

SOCKS (CAN-2002-1001)

Check Point Reference: CPAI-2004-25
Date Published: 1 Feb 2005
Severity: High
Last Updated: 5 Dec 2013
Industry Reference: CAN-2002-1001
Protection Provided by:

Security Gateway
R80, R77, R75, R71, R70

Who is Vulnerable?
Vulnerability Description

Protection Overview

This protection enforces the SOCKS protocol. Non-SOCKS communication over the SOCKS protocol port (1080 by default) will be blocked. You may also block SOCKS version 4 only, or any unauthenticated SOCKS communication (often used by trojans to tunnel information).
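The checks described above can be pictured as a classifier over the first bytes seen on the SOCKS port. This is an added example, not Check Point's implementation: the `Policy` flags, the labels and the `MAX_SOCKS4_REQUEST` bound are hypothetical, and the message layouts follow RFC 1928 and the SOCKS4 specification.

```python
from dataclasses import dataclass

NO_AUTH, NO_ACCEPTABLE = 0x00, 0xFF  # SOCKS5 method codes (RFC 1928)
MAX_SOCKS4_REQUEST = 8 + 256         # assumed cap on the SOCKS4 USERID field

def classify(client: bytes, server: bytes = b"") -> str:
    """Label the first client bytes (and optional server reply) on the SOCKS port."""
    if not client:
        return "incomplete"
    if client[0] == 4:
        # SOCKS4 request: VER CMD DSTPORT(2) DSTIP(4) USERID NUL
        if len(client) >= 2 and client[1] not in (1, 2):  # CONNECT or BIND
            return "non-socks"
        if 0 in client[8:]:
            return "socks4"
        return "incomplete" if len(client) < MAX_SOCKS4_REQUEST else "non-socks"
    if client[0] == 5:
        # SOCKS5 greeting: VER NMETHODS METHODS[NMETHODS]
        if len(client) < 2:
            return "incomplete"
        n = client[1]
        methods = client[2:2 + n]
        if n == 0 or NO_ACCEPTABLE in methods:
            return "non-socks"
        if len(methods) < n:
            return "incomplete"
        if len(server) >= 2:
            # Server reply: VER METHOD; the selected method decides.
            if server[0] != 5 or server[1] not in methods + b"\xff":
                return "non-socks"
            return "socks5-noauth" if server[1] == NO_AUTH else "socks5-auth"
        # No reply yet: a client offering only NO_AUTH cannot authenticate.
        return "socks5-noauth" if set(methods) == {NO_AUTH} else "socks5-auth"
    return "non-socks"

@dataclass
class Policy:  # hypothetical flags modelled on the options described above
    block_socks4: bool = False
    block_unauthenticated: bool = False

    def allows(self, label: str) -> bool:
        if label == "non-socks":
            return False
        if label == "socks4":
            # SOCKS4 has no authentication step, so either flag blocks it here.
            return not (self.block_socks4 or self.block_unauthenticated)
        if label == "socks5-noauth":
            return not self.block_unauthenticated
        return True  # authenticated SOCKS5, or incomplete (keep buffering)
```

Passing the server's two-byte method-selection reply as the second argument gives the more accurate label, because a client may offer both "no authentication" and an authenticated method.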

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70

  1. In the IPS tab, click Protections, find the SOCKS protection using the Search tool, and edit the protection's settings.
  2. Install policy on all modules.

This protection's log will contain the following information:

Attack Name:  SOCKS Enforcement Violation.
Attack Information: Sun Java System Web Proxy sockd Daemon buffer overflow. SOCKS enforcement violation detected on connection. SOCKS version other than version 5 detected on connection. Unauthenticated SOCKS protocol detected on connection.
