|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Looking for Squid Proxies
From: Cy Schubert - ITSD Open Systems Group (Cy.Schubert
UUMAIL.GOV.BC.CA)Date: Thu Mar 16 2000 - 08:45:08 CST
- Next message: Warren Belfer: "Re: TCP port 3218"
- Previous message: Vanja Hrustic: "Re: Munged Napster Sessions"
- Next in thread: Ryan Sweat: "Re: Looking for Squid Proxies"
- Reply: Ryan Sweat: "Re: Looking for Squid Proxies"
- Reply: Dante Mercurio: "Re: Looking for Squid Proxies"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I noticed in my firewall logs for one of the networks I maintain the
following:
Mar 15 18:11:15 foobar ipmon[98]: 18:11:15.512302 xl0 0:1 b
194.87.6.92,2483 -> w.x.y.z,3128 PR tcp len 20 48 -S IN
This suggests that someone may be looking for Squid proxies. I don't
run a Squid proxy on this network, however I do on another. Are there
any Squid vulnerabilities this "attacker" is looking for? Or is this
fellow trying to find a Squid proxy to bounce through to an IRC or NNTP
server? Is his intention to find a Squid proxy in order to breach the
firewall it is running on in order to gain access to the internal
network it is protecting, e.g. use the proxy as a portal into the
internal network as opposed to compromising the Squid application
itself to gain entry?
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/DEC Team Internet: Cy.Schubertosg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
"COBOL IS A WASTE OF CARDS."
- Next message: Warren Belfer: "Re: TCP port 3218"
- Previous message: Vanja Hrustic: "Re: Munged Napster Sessions"
- Next in thread: Ryan Sweat: "Re: Looking for Squid Proxies"
- Reply: Ryan Sweat: "Re: Looking for Squid Proxies"
- Reply: Dante Mercurio: "Re: Looking for Squid Proxies"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]