How can I catch incoming connections with socks5 in Debian?

S

sancho_panso2012-02-01 08:35:42

linux

sancho_panso, 2012-02-01 08:35:42

Actually a subject.

There is a certain personality that often messes with the Sox.
Is it possible to somehow track that the connection comes directly from the socks and immediately ban the villain?

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

I

Igor, 2012-02-01
@shanker

From your question, the connection scheme is not clear (how the client connects to socks and at what point you have the opportunity to monitor traffic). Without this adequate answer, you will not receive, but only “finger in the sky” you can poke, dream up what and how

S

sancho_panso, 2012-02-01
@sancho_panso

OK.
There is a certain server (it lives by itself), let there be a Web server with open port 80.
There is an attacker whose ip is banned from iptables. An attacker sets up a connection via socks5 on his machine (via a program or in a browser) and gets to the server on port 80. because ip soks not in the bath.
How can you determine whether the client is sitting through socks or is breaking from his ip?

I

Igor, 2012-02-01
@shanker

Set him cookies (cookies) and ban them.

S

sancho_panso, 2012-02-01
@sancho_panso

In addition to port 80, there are also other services in which cookies will not help.
e.g. dc++ hub

I

Igor, 2012-02-02
@shanker

IMHO, no way
This problem has no solution in general terms. Otherwise, all hackers would have been jailed long ago and there would be no one to write viruses))
Everywhere you need to apply authorization and only ban it