Security Incidents mailing list archives
Re: Looking for Squid Proxies
From: Dante () WEBCTI COM (Dante Mercurio)
Date: Mon, 20 Mar 2000 09:51:10 -0500
The Cobalt web caching server defaults to 3128 for its proxy. Any relation? Perhaps they are looking for web caching servers to exploit?

M. Dante Mercurio, CNA, MCSE+I, TNSP
Consulting Services Manager
Continental Consulting Group
www.webcti.com/ccg
<mailto:dante () webcti com>

-----Original Message-----
From: Ryan Sweat [mailto:batrox () SWBELL NET]
Sent: Saturday, March 18, 2000 1:47 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Looking for Squid Proxies

There are no Squid exploits that I am aware of; however, they are used often to bounce to IRC, or mask their IP while browsing. This can be done by:

telnet x.x.x.x 3128
POST http://irc.hostname.com:6667 GET 1.0
<press return twice>
logon as usual to irc

-----Original Message-----
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert () UUMAIL GOV BC CA>
To: INCIDENTS () SECURITYFOCUS COM <INCIDENTS () SECURITYFOCUS COM>
Date: Friday, March 17, 2000 3:17 AM
Subject: Looking for Squid Proxies

I noticed in my firewall logs for one of the networks I maintain the following:

Mar 15 18:11:15 foobar ipmon[98]: 18:11:15.512302 xl0 @0:1 b 194.87.6.92,2483 -> w.x.y.z,3128 PR tcp len 20 48 -S IN

This suggests that someone may be looking for Squid proxies. I don't run a Squid proxy on this network, however I do on another. Are there any Squid vulnerabilities this "attacker" is looking for? Or is this fellow trying to find a Squid proxy to bounce through to an IRC or NNTP server? Is his intention to find a Squid proxy in order to breach the firewall it is running on in order to gain access to the internal network it is protecting, e.g. use the proxy as a portal into the internal network as opposed to compromising the Squid application itself to gain entry?

Regards,
Cy Schubert
Team Leader, Sun/DEC Team
Open Systems Group, ITSD, ISTA
Province of BC
Phone: (250)387-8437
Fax: (250)387-5766
Internet: Cy.Schubert () osg gov bc ca

"COBOL IS A WASTE OF CARDS."