Security Incidents mailing list archives
Looking for Squid Proxies
From: Cy.Schubert () UUMAIL GOV BC CA (Cy Schubert - ITSD Open Systems Group)
Date: Thu, 16 Mar 2000 06:45:08 -0800
I noticed in my firewall logs for one of the networks I maintain the
following:
Mar 15 18:11:15 foobar ipmon[98]: 18:11:15.512302 xl0 @0:1 b
194.87.6.92,2483 -> w.x.y.z,3128 PR tcp len 20 48 -S IN
This suggests that someone may be looking for Squid proxies. I don't
run a Squid proxy on this network, however I do on another. Are there
any Squid vulnerabilities this "attacker" is looking for? Or is this
fellow trying to find a Squid proxy to bounce through to an IRC or NNTP
server? Is his intention to find a Squid proxy in order to breach the
firewall it is running on in order to gain access to the internal
network it is protecting, e.g. use the proxy as a portal into the
internal network as opposed to compromising the Squid application
itself to gain entry?
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/DEC Team Internet: Cy.Schubert () osg gov bc ca
Open Systems Group, ITSD, ISTA
Province of BC
"COBOL IS A WASTE OF CARDS."
Current thread:
- sgi-dgl scanning, (continued)
- sgi-dgl scanning Michael Stone (Mar 27)
- unusual mail file Donald McLachlan (Mar 28)
- Re: unusual mail file Ryan Hilton (Mar 28)
- Front Page Extensions vventura () SIA PT (Mar 28)
- Re: sgi-dgl scanning E. Larry Lidz (Mar 28)
- Syn attacks ? Klavs Klavsen (Mar 28)
- Re: lots of interest in port 109 (POP2) markus tromday (Mar 22)
- Re: lots of interest in port 109 (POP2) Paul Rice (Mar 13)
- Munged Napster Sessions Stephen P. Berry (Mar 13)
- Looking for Squid Proxies Cy Schubert - ITSD Open Systems Group (Mar 16)
- Re: Munged Napster Sessions Vanja Hrustic (Mar 16)
- Port 6112 Stuart Staniford-Chen (Mar 17)
- Re: Port 6112 Robert Graham (Mar 20)
- Re: Port 6112 Stuart Staniford-Chen (Mar 20)
- nbname scans Rick Tortorella (Mar 20)