Snort mailing list archives
RE: SQUID scan proxy attempt
From: "Wally Bedford" <wbedford () canada com>
Date: Tue, 24 Feb 2004 18:56:26 -0500
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Fabio Viero Sent: Saturday, February 21, 2004 5:42 PM To: snort-users () lists sourceforge net Subject: [Snort-users] SQUID scan proxy attempt Hi I'm new to snort and i had setup a very simple test configuration. In short, i run squid on 192.168.0.1 (and apache, snort with acid and so on...) and i have a win98(192.168.0.2) client that access the internet via this proxy server (192.168.0.1). Snort is detecting this access (from 192.168.0.2 to 192.168.0.1) as a "SCAN squid proxy attempt". We know it's not what's really happening. The server 192.168.0.1 has no firewall rules. The only access control is done with squid. Could anyone give an insight about this problem? Thanks in advance to anyone of you. Take a look at the automatic proxy configuration in the IE properties. If it is checked, it may be your problem. If this is garden-variety LAN you are working with, there is not much sense in running that rule on the inside interface. HTH, Wally ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SQUID scan proxy attempt Fabio Viero (Feb 22)
- Simple configuration Mario Guerendo (Feb 22)
- RE: Simple configuration Mark E. Donaldson (Feb 22)
- <Possible follow-ups>
- SQUID scan proxy attempt Fabio Viero (Feb 24)
- RE: SQUID scan proxy attempt Wally Bedford (Feb 24)
- Simple configuration Mario Guerendo (Feb 22)