1. SOCKS is a service that allows internal machines behind a firewall/proxy/gateway access to the Internet. Rather than talking to the target machine, clients communicate with the SOCKS server and ask it to relay data to the target machine out on the Internet. Most web-browsers and FTP clients have SOCKS support built in; SOCKS clients can also be installed on client computers to automatically redirect traffic through the socks gateway. Key point: SOCKS servers are frequently misconfigured allowing both outside and inside people to use them. This means that if a hacker wants to hide where they come from, the hacker scans the Internet for SOCKS proxies, then funnel their data through the proxies they find. When victims trace back to the hacker's IP address, they find the open SOCKS server instead. Key point: Abuse through SOCKS servers has become so common on IRC networks that many of them (dalnet, undernet) have begun scanning clients to see if they are running an open SOCKS proxy. They deny access to anybody coming into the networks through such a proxy. Note that users can still use closed proxies (i.e. those available only to internal users). Key point: SOCKS servers listen by default on TCP port 1080. Real world: Most browsers support SOCKS, which you can see in the "proxy" settings configuration tab. You can download generic SOCKS clients and servers from http://www.socks.nec.com/. SOCKS v5 is specified in RFRC 1928. From Hacking-Lexicon