Security Incidents mailing list archives
Re: Looking for Squid Proxies
From: batrox () SWBELL NET (Ryan Sweat)
Date: Sat, 18 Mar 2000 12:46:46 -0600
There are no Squid exploits that I am aware of; however, they are used often to bounce to IRC, or mask their IP while browsing. This can be done by:

    telnet x.x.x.x 3128
    POST http://irc.hostname.com:6667 GET 1.0
    <press return twice>
    logon as usual to irc

-----Original Message-----
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert () UUMAIL GOV BC CA>
To: INCIDENTS () SECURITYFOCUS COM <INCIDENTS () SECURITYFOCUS COM>
Date: Friday, March 17, 2000 3:17 AM
Subject: Looking for Squid Proxies
I noticed in my firewall logs for one of the networks I maintain the following:

    Mar 15 18:11:15 foobar ipmon[98]: 18:11:15.512302 xl0 @0:1 b 194.87.6.92,2483 -> w.x.y.z,3128 PR tcp len 20 48 -S IN

This suggests that someone may be looking for Squid proxies. I don't run a Squid proxy on this network, however I do on another.

Are there any Squid vulnerabilities this "attacker" is looking for? Or is this fellow trying to find a Squid proxy to bounce through to an IRC or NNTP server? Is his intention to find a Squid proxy in order to breach the firewall it is running on in order to gain access to the internal network it is protecting, e.g. use the proxy as a portal into the internal network as opposed to compromising the Squid application itself to gain entry?

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert () osg gov bc ca
Open Systems Group, ITSD, ISTA
Province of BC

"COBOL IS A WASTE OF CARDS."
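
Added example, not part of either post: a Python sketch that picks proxy-port probes like the one in the quoted ipmon line out of a firewall log and groups them by source. The first sample line is the one from the post; the other lines, the extra ports 8080 and 1080, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Ports where proxies commonly listen; 3128 is Squid's default.
# 8080 and 1080 are an assumption added here, not taken from the post.
PROXY_PORTS = {3128, 8080, 1080}

# ipmon line: ... iface @group:rule action src,sport -> dst,dport PR tcp len hl pl -flags IN
IPMON_RE = re.compile(
    r"ipmon\[\d+\]: \S+ (?P<iface>\S+) @\d+:\d+ (?P<action>\w) "
    r"(?P<src>[^,\s]+),(?P<sport>\d+) -> (?P<dst>[^,\s]+),(?P<dport>\d+) "
    r"PR tcp len \d+ \d+ -(?P<flags>[A-Z]+) IN"
)

# First line is from the post; the rest are constructed (documentation address ranges).
SAMPLE_LOG = """\
Mar 15 18:11:15 foobar ipmon[98]: 18:11:15.512302 xl0 @0:1 b 194.87.6.92,2483 -> w.x.y.z,3128 PR tcp len 20 48 -S IN
Mar 15 18:11:16 foobar ipmon[98]: 18:11:16.101010 xl0 @0:1 b 194.87.6.92,2484 -> 192.0.2.11,3128 PR tcp len 20 48 -S IN
Mar 15 18:11:16 foobar ipmon[98]: 18:11:16.202020 xl0 @0:1 b 194.87.6.92,2485 -> 192.0.2.12,8080 PR tcp len 20 48 -S IN
Mar 15 18:12:40 foobar ipmon[98]: 18:12:40.303030 xl0 @0:1 b 203.0.113.7,4001 -> 192.0.2.10,3128 PR tcp len 20 48 -S IN
Mar 15 18:13:02 foobar ipmon[98]: 18:13:02.404040 xl0 @0:1 b 198.51.100.9,1999 -> 192.0.2.10,23 PR tcp len 20 48 -S IN
Mar 15 18:13:05 foobar ipmon[98]: 18:13:05.505050 xl0 @0:2 p 192.0.2.10,3128 -> 198.51.100.9,2000 PR tcp len 20 48 -SA IN
"""


def proxy_probes(log_text):
    """Map source IP -> set of (dst, dport) for bare inbound SYNs to proxy ports."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = IPMON_RE.search(line)
        # Only connection attempts count: SYN set, no ACK or other flags.
        if not m or m["flags"] != "S":
            continue
        dport = int(m["dport"])
        if dport in PROXY_PORTS:
            hits[m["src"]].add((m["dst"], dport))
    return dict(hits)


def scanners(log_text, min_targets=2):
    """Sources that probed proxy ports on at least min_targets host/port pairs."""
    probes = proxy_probes(log_text)
    return sorted(src for src, targets in probes.items() if len(targets) >= min_targets)


if __name__ == "__main__":
    for src, targets in sorted(proxy_probes(SAMPLE_LOG).items()):
        print(src, sorted(targets))
    print("likely scanners:", scanners(SAMPLE_LOG))
```

A single hit, as in the original message, only shows one probe; the `min_targets` threshold separates a source sweeping several hosts or ports from a one-off connection attempt.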