For those of you who are interested, SANS (www.sans.org)
has been looking for data traces on these probes. We're
nearing the end of the two week period they were looking
for, but I'm sure they appreciate any data anyone has.
This is from the last SANS Digest --
>>>>>>>>>>
A high priority note from our intrusion detection program manager,
Stephen Northcutt:
Intrusion detection systems ranging from home computers with cable
modems to high end government facilities have been reporting a large
number of probes to TCP port 3128, the squid proxy service. If your
site has a network monitoring capability and you DO NOT run squid
and you detect this pattern over the next two weeks, please let us
know by sending email to [EMAIL PROTECTED] with intrusion 3128 in the
subject line. If you are allowed to send the data trace, please
sanitize any of your site's network information (destination host
address) and send the data trace as well. Thank you!
<<<<<<<<<<
~Patrick
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]