Security Incidents mailing list archives
Looking for Squid Proxies
From: Cy.Schubert () UUMAIL GOV BC CA (Cy Schubert - ITSD Open Systems Group)
Date: Thu, 16 Mar 2000 06:45:08 -0800
I noticed in my firewall logs for one of the networks I maintain the following: Mar 15 18:11:15 foobar ipmon[98]: 18:11:15.512302 xl0 @0:1 b 194.87.6.92,2483 -> w.x.y.z,3128 PR tcp len 20 48 -S IN This suggests that someone may be looking for Squid proxies. I don't run a Squid proxy on this network, however I do on another. Are there any Squid vulnerabilities this "attacker" is looking for? Or is this fellow trying to find a Squid proxy to bounce through to an IRC or NNTP server? Is his intention to find a Squid proxy in order to breach the firewall it is running on in order to gain access to the internal network it is protecting, e.g. use the proxy as a portal into the internal network as opposed to compromising the Squid application itself to gain entry? Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert () osg gov bc ca Open Systems Group, ITSD, ISTA Province of BC "COBOL IS A WASTE OF CARDS."
Current thread:
- sgi-dgl scanning, (continued)
- sgi-dgl scanning Michael Stone (Mar 27)
- unusual mail file Donald McLachlan (Mar 28)
- Re: unusual mail file Ryan Hilton (Mar 28)
- Front Page Extensions vventura () SIA PT (Mar 28)
- Re: sgi-dgl scanning E. Larry Lidz (Mar 28)
- Syn attacks ? Klavs Klavsen (Mar 28)
- Re: lots of interest in port 109 (POP2) markus tromday (Mar 22)
- Re: lots of interest in port 109 (POP2) Paul Rice (Mar 13)
- Munged Napster Sessions Stephen P. Berry (Mar 13)
- Looking for Squid Proxies Cy Schubert - ITSD Open Systems Group (Mar 16)
- Re: Munged Napster Sessions Vanja Hrustic (Mar 16)
- Port 6112 Stuart Staniford-Chen (Mar 17)
- Re: Port 6112 Robert Graham (Mar 20)
- Re: Port 6112 Stuart Staniford-Chen (Mar 20)
- nbname scans Rick Tortorella (Mar 20)