Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: SQUID scan proxy attempt

From: "Wally Bedford" <wbedford () canada com>
Date: Tue, 24 Feb 2004 18:56:26 -0500
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Fabio
Viero
Sent: Saturday, February 21, 2004 5:42 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] SQUID scan proxy attempt

Hi

I'm new to snort and i had setup a very simple test configuration. In
short, i run squid on 192.168.0.1 (and apache, snort with acid and so
on...) and i have a win98(192.168.0.2) client that access the internet
via this proxy server (192.168.0.1). Snort is detecting this access
(from 192.168.0.2 to 192.168.0.1) as a "SCAN squid proxy attempt". We
know it's not what's really happening. The server 192.168.0.1 has no
firewall rules. The only access control is done with squid.

Could anyone give an insight about this problem?

Thanks in advance to anyone of you.



Take a look at the automatic proxy configuration in the IE properties.
If it is checked, it may be your problem.

If this is garden-variety LAN you are working with, there is not much
sense in running that rule on the inside interface.

HTH,
Wally



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: