Subject: Re: Looking for Squid Proxies
From: Dante Mercurio (Dante@WEBCTI.COM)
Date: Mon Mar 20 2000 - 08:51:10 CST
- Next message: Robert Graham: "Re: ICMP Echo Reply to 0.0.0.0"
- Previous message: Robert Graham: "Re: Port 6112"
- Maybe in reply to: Cy Schubert - ITSD Open Systems Group: "Looking for Squid Proxies"
- Maybe reply: Dante Mercurio: "Re: Looking for Squid Proxies"
The Cobalt web caching server defaults to 3128 for its proxy. Any relation?
Perhaps they are looking for web caching servers to exploit?
M. Dante Mercurio, CNA, MCSE+I, TNSP
Consulting Services Manager
Continental Consulting Group
www.webcti.com/ccg
<mailto:dante@webcti.com>
> -----Original Message-----
> From: Ryan Sweat [mailto:batrox@SWBELL.NET]
> Sent: Saturday, March 18, 2000 1:47 PM
> To: INCIDENTS@SECURITYFOCUS.COM
> Subject: Re: Looking for Squid Proxies
>
>
> There are no Squid exploits that I am aware of, however they are used often
> to bounce to IRC, or mask their IP while browsing.
>
> this can be done by :
> telnet x.x.x.x 3128
>
> POST http://irc.hostname.com:6667 GET 1.0
> <press return twice>
>
> logon as usual to irc
>
> -----Original Message-----
> From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@UUMAIL.GOV.BC.CA>
> To: INCIDENTS@SECURITYFOCUS.COM <INCIDENTS@SECURITYFOCUS.COM>
> Date: Friday, March 17, 2000 3:17 AM
> Subject: Looking for Squid Proxies
>
>
> >I noticed in my firewall logs for one of the networks I maintain the
> >following:
> >
> >Mar 15 18:11:15 foobar ipmon[98]: 18:11:15.512302 xl0 @0:1 b
> >194.87.6.92,2483 -> w.x.y.z,3128 PR tcp len 20 48 -S IN
> >
> >This suggests that someone may be looking for Squid proxies. I don't
> >run a Squid proxy on this network, however I do on another. Are there
> >any Squid vulnerabilities this "attacker" is looking for? Or is this
> >fellow trying to find a Squid proxy to bounce through to an IRC or NNTP
> >server? Is his intention to find a Squid proxy in order to breach the
> >firewall it is running on in order to gain access to the internal
> >network it is protecting, e.g. use the proxy as a portal into the
> >internal network as opposed to compromising the Squid application
> >itself to gain entry?
> >
> >
> >Regards, Phone: (250)387-8437
> >Cy Schubert Fax: (250)387-5766
> >Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca
> >Open Systems Group, ITSD, ISTA
> >Province of BC
> > "COBOL IS A WASTE OF CARDS."
>
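The ipmon entry quoted in this thread can be triaged mechanically. The following is an added example, not part of any poster's message: it parses ipmon lines in that format and separates sources sweeping several hosts on proxy ports from connections the firewall actually passed to a proxy port. The function names, the sweep threshold, the extra ports 8080 and 1080, and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict

# 3128 is the port from the thread; 8080 and 1080 are other common proxy
# ports added here as an assumption.
PROXY_PORTS = {3128, 8080, 1080}

IPMON_RE = re.compile(
    r"ipmon\[\d+\]:\s+\S+\s+(?P<iface>\S+)\s+@(?P<rule>\d+:\d+)\s+(?P<action>\S+)\s+"
    r"(?P<src>[^,\s]+),(?P<sport>\d+)\s+->\s+(?P<dst>[^,\s]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\w+)\s+len\s+\d+\s+\d+\s+-(?P<flags>[A-Z]+)\s+(?P<dir>IN|OUT)"
)

# Constructed sample lines in the ipmon format quoted above
# (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Mar 15 18:11:15 fw ipmon[98]: 18:11:15.512302 xl0 @0:1 b 203.0.113.9,2483 -> 192.0.2.10,3128 PR tcp len 20 48 -S IN
Mar 15 18:11:16 fw ipmon[98]: 18:11:16.100411 xl0 @0:1 b 203.0.113.9,2484 -> 192.0.2.11,3128 PR tcp len 20 48 -S IN
Mar 15 18:11:17 fw ipmon[98]: 18:11:17.220934 xl0 @0:1 b 203.0.113.9,2485 -> 192.0.2.12,8080 PR tcp len 20 48 -S IN
Mar 15 18:12:01 fw ipmon[98]: 18:12:01.004512 xl0 @0:3 p 198.51.100.7,1044 -> 192.0.2.10,80 PR tcp len 20 48 -S IN
Mar 15 18:12:30 fw ipmon[98]: 18:12:30.771203 xl0 @0:2 p 198.51.100.20,3301 -> 192.0.2.20,3128 PR tcp len 20 48 -S IN
Mar 15 18:12:31 fw ipmon[98]: 18:12:31.002118 xl0 @0:2 p 192.0.2.20,3128 -> 198.51.100.20,3301 PR tcp len 20 48 -AS OUT
"""

def proxy_probes(lines, ports=PROXY_PORTS):
    """Map source IP -> set of (dst, dport, action) for inbound bare SYNs to proxy ports."""
    hits = defaultdict(set)
    for line in lines:
        m = IPMON_RE.search(line)
        if not m or m["proto"] != "tcp" or m["dir"] != "IN":
            continue
        if m["flags"] == "S" and int(m["dport"]) in ports:
            hits[m["src"]].add((m["dst"], int(m["dport"]), m["action"]))
    return dict(hits)

def triage(hits, sweep_threshold=3):
    """Split findings into sweeps (many targets) and connections the firewall passed."""
    sweeps = sorted(s for s, t in hits.items() if len({d for d, _, _ in t}) >= sweep_threshold)
    passed = sorted((s, d, p) for s, t in hits.items() for d, p, a in t if a == "p")
    return sweeps, passed

if __name__ == "__main__":
    sweeps, passed = triage(proxy_probes(SAMPLE_LOG.splitlines()))
    print("sweeping sources:", sweeps)
    print("passed to a proxy port (check that proxy's ACLs):", passed)
```

Blocked sweeps are background noise worth tracking by source; a passed SYN to a proxy port from an outside address is the case to follow up, since it means the proxy is reachable and its access controls are the only thing preventing the relaying described above.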