Security Incidents mailing list archives

Re: Looking for Squid Proxies


From: Dante () WEBCTI COM (Dante Mercurio)
Date: Mon, 20 Mar 2000 09:51:10 -0500


The Cobalt web caching server defaults to 3128 for its proxy. Any relation?
Perhaps they are looking for web caching servers to exploit?

M. Dante Mercurio, CNA, MCSE+I, TNSP
Consulting Services Manager
Continental Consulting Group
www.webcti.com/ccg
<mailto:dante () webcti com>

-----Original Message-----
From: Ryan Sweat [mailto:batrox () SWBELL NET]
Sent: Saturday, March 18, 2000 1:47 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Looking for Squid Proxies


There are no Squid exploits that I am aware of, however they are used often
to bounce to IRC, or mask their IP while browsing.

this can be done by :
telnet x.x.x.x 3128

POST http://irc.hostname.com:6667 GET 1.0
<press return twice>

logon as usual to irc

-----Original Message-----
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert () UUMAIL GOV BC CA>
To: INCIDENTS () SECURITYFOCUS COM <INCIDENTS () SECURITYFOCUS COM>
Date: Friday, March 17, 2000 3:17 AM
Subject: Looking for Squid Proxies


I noticed in my firewall logs for one of the networks I maintain the
following:

Mar 15 18:11:15 foobar ipmon[98]: 18:11:15.512302 xl0 @0:1 b
194.87.6.92,2483 -> w.x.y.z,3128 PR tcp len 20 48 -S IN

This suggests that someone may be looking for Squid proxies.  I don't
run a Squid proxy on this network, however I do on another.  Are there
any Squid vulnerabilities this "attacker" is looking for?  Or is this
fellow trying to find a Squid proxy to bounce through to an IRC or NNTP
server?  Is his intention to find a Squid proxy in order to breach the
firewall it is running on in order to gain access to the internal
network it is protecting, e.g. use the proxy as a portal into the
internal network as opposed to compromising the Squid application
itself to gain entry?


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert () osg gov bc ca
Open Systems Group, ITSD, ISTA
Province of BC
                   "COBOL IS A WASTE OF CARDS."



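Added example, not part of the original thread: a small Python parser for ipmon lines in the layout quoted in the first message, reporting which sources sent inbound bare SYNs to the proxy port 3128 and how many hosts each one touched. The sample lines, their documentation-range addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# ipmon (IP Filter) syslog line, in the layout of the entry quoted in the thread:
# ... ipmon[pid]: time iface @group:rule action src,sport -> dst,dport PR proto len hlen plen -flags dir
IPMON_RE = re.compile(
    r"ipmon\[\d+\]:\s+(?P<time>\S+)\s+(?P<iface>\S+)\s+@(?P<rule>\d+:\d+)\s+"
    r"(?P<action>\S)\s+(?P<src>[^,\s]+),(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[^,\s]+),(?P<dport>\d+)\s+PR\s+(?P<proto>\S+)\s+len\s+\d+\s+\d+"
    r"(?:\s+-(?P<flags>[A-Z]+))?(?:\s+(?P<dir>IN|OUT))?"
)

PROXY_PORTS = {3128}  # the port discussed in the thread; extend per site (assumption)

def parse_ipmon(line):
    """Return a dict of fields for a matching ipmon line, or None if it does not match."""
    m = IPMON_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def proxy_probes(lines, ports=PROXY_PORTS):
    """Map source IP -> set of destinations that got an inbound bare SYN on a proxy port."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_ipmon(line)
        if rec is None or rec["proto"] != "tcp" or rec["dir"] != "IN":
            continue
        # "S" alone is a new connection attempt; "AS" is a SYN-ACK reply, not a probe.
        if rec["flags"] == "S" and rec["dport"] in ports:
            hits[rec["src"]].add(rec["dst"])
    return dict(hits)

# Constructed sample lines (documentation addresses), modelled on the quoted entry.
SAMPLE = [
    "Mar 15 18:11:15 foobar ipmon[98]: 18:11:15.512302 xl0 @0:1 b 192.0.2.92,2483 -> 198.51.100.10,3128 PR tcp len 20 48 -S IN",
    "Mar 15 18:11:15 foobar ipmon[98]: 18:11:15.530114 xl0 @0:1 b 192.0.2.92,2484 -> 198.51.100.11,3128 PR tcp len 20 48 -S IN",
    "Mar 15 18:12:01 foobar ipmon[98]: 18:12:01.100200 xl0 @0:3 p 203.0.113.5,80 -> 198.51.100.10,1045 PR tcp len 20 44 -AS IN",
    "Mar 15 18:12:09 foobar ipmon[98]: 18:12:09.000001 xl0 @0:1 b 203.0.113.7,4000 -> 198.51.100.10,25 PR tcp len 20 48 -S IN",
]

if __name__ == "__main__":
    for src, dsts in proxy_probes(SAMPLE).items():
        print(f"{src} probed {len(dsts)} host(s) on a proxy port: {sorted(dsts)}")
```

A source that appears against many destinations on this port in a short window is sweeping for proxies rather than mistyping an address.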