Snort mailing list archives

readme.eml Part II


From: "Basil Saragoza" <snortlst () hotmail com>
Date: Mon, 25 Mar 2002 15:16:53 -0500

This is the decoded payload from the readme.eml attempt I receive:
ts port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl girls url_regex -i aaaaa adult adserv ashole ...
acl music url_regex \.mp3 \.mpeg \.mpg \.mov \.avi \.asf
acl nimda url_regex -i readme.eml
acl valid_url url_regex gsm\.hu index\.hu origo\.hu cisco\.com
tele-satellite\.com satcodx\.com
acl max_user_conn maxconn 5
acl all src 10.0.0.0/255.255.0.0
acl petzval srcdomain "/etc/s

It looks very much like entries from squid.conf file, besides that my
squid.conf doesn't contain the following lines:
acl CONNECT method CONNECT
acl girls url_regex -i aaaaa adult adserv ashole ...
acl music url_regex \.mp3 \.mpeg \.mpg \.mov \.avi \.asf
acl nimda url_regex -i readme.eml
acl valid_url url_regex gsm\.hu index\.hu origo\.hu cisco\.com
tele-satellite\.com satcodx\.com
acl max_user_conn maxconn 5
acl petzval srcdomain "/etc/s

The rest of the lines are present, and acl all src 10.0.0.0/255.255.0.0 is
the line I created myself and 'all' is the acl I created, so some parts of
the payload contain valid lines from my squid.conf.
(I run a squid proxy on a Linux machine for internet connections.)

Is my squid hacked? How should I interpret this payload?

