funsec mailing list archives
Phishing for Open Proxies: Baby Squid Hooked In Under 18 Hours
From: "Fergie" <fergdawg () netzero net>
Date: Wed, 25 Jan 2006 23:19:41 GMT
Here's an interesting article -- via eMail Battles.

[snip]

Our unpublished squid server was up for just 17 hours and 35 minutes before an attacker tried to use it as an open proxy. The attacker's bot knocked on our door from a Korea Telecom-assigned portable IP.

The idea: Use our server to call a server running ip1.cgi, which is based on Proxy Judge. This is code designed to determine the security level of web proxies.

The fact that our visitor used Proxy Judge told us little about intent. That's because both white hats and black hats use programs like Proxy Judge and ip.cgi to return the IP addresses of calling computers.

But after finding the actual command string, www.maybefind.com/ip1.cgi, on a few hacking sites, the intentions became clearer. For example, Proxy Leecher, a site that openly posts the IP:Port addresses of open proxies, lists the command string as a proxy judge.

In other words, if the Korean door-knocker had succeeded, our server would have been added to a list of open proxies.

[snip]

More here:
http://www.emailbattles.com/archive/battles/phish_aachbbgdgb_hg/

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
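A defender-side check for the probe the quoted article describes, as an added example that is not part of the original post or the article: it scans Squid native-format access.log lines for requests from clients outside the allowed networks, marks those asking for a Proxy Judge style script, and reports whether Squid relayed them. The log lines, IP addresses, allowed networks and function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: judge script names are the two the article mentions (ip.cgi, ip1.cgi).
JUDGE_SCRIPTS = re.compile(r"/ip\d*\.cgi$", re.IGNORECASE)
# Assumption: the only networks allowed to use this proxy.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("127.0.0.0/8")]
# Constructed sample lines in Squid's native access.log format.
SAMPLE_LOG = """\
1138230000.101     12 10.1.2.3 TCP_MISS/200 5120 GET http://example.org/index.html - DIRECT/192.0.2.10 text/html
1138230060.422      3 203.0.113.7 TCP_DENIED/403 1456 GET http://www.maybefind.com/ip1.cgi - NONE/- text/html
1138230120.950    310 198.51.100.9 TCP_MISS/200 812 GET http://www.maybefind.com/ip1.cgi - DIRECT/192.0.2.20 text/html
1138230180.007      2 203.0.113.7 TCP_DENIED/403 1410 GET http://example.com/ - NONE/- text/html
"""

def parse_line(line):
    """Return (client, result, status, url), or None for a malformed line."""
    f = line.split()
    if len(f) < 7 or "/" not in f[3]:
        return None
    result, _, status = f[3].partition("/")
    return f[2], result, status, f[6]

def find_probes(lines, local_nets=LOCAL_NETS):
    """List requests from outside clients, flagging judge probes and relays."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        client, result, status, url = rec
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue  # client field is not an IP address
        if any(addr in net for net in local_nets):
            continue  # legitimate internal user
        path = urlsplit(url).path if "://" in url else ""
        hits.append({
            "client": client,
            "url": url,
            "judge": bool(JUDGE_SCRIPTS.search(path)),
            # Relayed: Squid did not deny it and returned a 2xx/3xx status.
            "relayed": not result.startswith("TCP_DENIED") and status[:1] in ("2", "3"),
        })
    return hits

if __name__ == "__main__":
    print(*find_probes(SAMPLE_LOG.splitlines()), sep="\n")
```

A hit with both `judge` and `relayed` set means the proxy answered the probe for an outside client, which is the condition the article says would put the server on an open-proxy list.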