Are you running a sniffer, or using some other method to examine the packets
themselves?
I would check the variations in source IP with the TTL value. All those
different sources are very unlikely to be the exact same number of hops
away.
-Original Message-
From: Bill Fox
most probably this is a prog called "proxy hunter" from Solar Wind.
certain people do not believe that all the internet should be available,
proxy hunter provides a way out.
On Thu, 7 Oct 1999, Joseph J. Volk wrote:
Bill,
Here are a few tidbits I've picked up concerning this probe.
Suchitra,
If you're configuring NAT on a Cisco router, it will take care of most of
the ARP related stuff for you.
Just to recap:
ARP (Address Resolution Protocol or whatever) is used to translate IP
addresses into Ethernet addresses. It's really only of interest once the
stuff gets to the LAN
Hmmm. Good tidbits. Anonymous surfing sounds like a logical suspect. One
of your attached emails mentioned "Proxy Hunter", and I believe SANS
mentions something possibly called "Zero Ring", or such. One thing for
sure, *they* are wasting a bit of the collective bandwidth with all this
constant
Underway. I don't currently have a sniffer loaded on the firewall, but plan
on installing ipgrab tcpdump this weekend, if all goes well. I have
pinged tracerouted some of the sources... they *weren't* equal hops away.
I'm sure others on the list have spent more time seeking out the sources
They are full network probes usually, that scan my
entire subnet, so yes they are abuses.
--Joshua
Jeff Younker wrote:
Are you sure it's abuse and not some web conference application, or some web
page generated (such as a stock reporting page) that's trying to tunnel
information via
"provides a way out" Well, hi there "Spiff"! We know which boat
you're in now. Enjoying surfing the firewalls listserv?? Been probing any
juicy sites lately, hummm?? g
- Original Message -
From: spiff [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 08, 1999
At 01:28 AM 10/7/99 -0400, Greg DeRuyter wrote:
was hoping I could get some names of various
types of firewalls both hardware and software so that I could do
research on them.
Check out the firewall information at CSI (http://www.gocsi.com/) and ICSA
(http://www.icsa.net/).
Fred Avolio
I am aware of the recent flood of SQUID. Has anyone experienced port
scans for port 53 and 1080? I have a cable modem at home (I know, I know,
bad, bad...).
About every Saturday night between 6pm and 9pm I get port scanned and
NukeNabber knocks them off. However, the fact they are scanning
From the new SANS newsbits --
In a fabulous example of networked community cooperation, more than 300
security practitioners isolated the behavior of the Internet-wide RingZero
Trojan proxy attack, found the Trojan, created defenses, and, as a
result, the Russian site that was using it to
Here's the latest on the Squid probe. It's been identified, isolated and
stopped for now. From the latest SANS newsletter:
In a fabulous example of networked community cooperation, more than 300
security practitioners isolated the behavior of the Internet-wide RingZero
Trojan proxy attack,
I'm sorry to ask a possibly obvious question, but what is SQUID?
Thanks.
Quentin Antrim
City of Fort Collins
"Kevin Johnston" [EMAIL PROTECTED] 10/08 6:21 AM
I am aware of the recent flood of SQUID. Has anyone experienced port
scans for port 53 and 1080? I have a cable modem at home (I
I'm now the most unpopular person in the building blocking AIM, Realplayer,
Broadcast.com and other things along this route. The problem is that for
every service I block two more show up. Does anyone know of a listing of
these services? A list of the port numbers they use would be great
I'm assigned to implement an FTP server which customers/
clients will use to upload and download data in a secure manner.
The number of clients is approx. 100.
Here's my configuration:
http: Apache 1.3.4
OS: Unix Solaris 2.7
Firewall: Sonicwall with DMZ
The FTP server will be located at
Superconducting QUantum Interference Device
Not.
Seriously, it's a caching proxy server for *nix:
http://squid.nlanr.net/
-Original Message-
I'm sorry to ask a possibly obvious question, but what is SQUID?
Thanks.
Quentin Antrim
City of Fort Collins
On Fri, Oct 08, 1999 at 02:08:11PM -0400, Vosburgh, Brian P, CTR, WHS/REF wrote:
I'm now the most unpopular person in the building blocking AIM,
Realplayer, Broadcast.com and other things along this route. The
problem is that for every service I block two more show up. Does
anyone know
You mention that for every service you _block_, two more show up. Shouldn't
you be sitting back and making your users make a case for business need vs.
security risk, and then _opening_ ports for their traffic, rather than
running around blocking ports you don't want them to use?
Here's the main
Thanks very much to those with the courtesy to answer my question politely. I'll post
one of the answers here for those others who do not know what SQUID is.
Quentin
Emanuel Protopsaltis [EMAIL PROTECTED] 10/08 1:13 PM
http://www.squid-cache.org/
a full-featured Web proxy cache
designed to
It's a little bit different for these types of toys. Many of them work
across HTTP, and particular websites or URLs have to be blocked.
I doubt many of us could get away with blocking access to
all websites, except for the approved ones. It's akin to
the porno site problem.
those are connections due to IRC searching to see if you are also running
a wingate. You might also see them hit port 1090. Your logs should point
out that the originators are from the irc sites you and your users are
playing on.
Thanks,
Ron DuFresne
On Fri, 8 Oct 1999, Kevin Johnston
On Thu, Oct 07, 1999 at 10:06:43AM +0200, Rafi Sadowsky wrote:
try checking
http://www.inka.de/sites/lina/freefire-l/tools.html
thanks Rafi, you can now also use http://www.freefire.org. The German start
page is accessible from www.freefire.de and the database backend and new
layout will
Would like to publicly apologize to spiff for that totally unwarranted
comment I tossed onto the list while bleary-eyed and irrational. It was
admittedly unprofessional and infantile of me to do that. I know from past
posts that he ISN'T what I insinuated. Sorry, spiff!!
--Bill
-
FYI to the list: The "Common Vulnerabilities and Exposure" (CVE) list has
recently been put online by MITRE Corporation. The URL is:
http://cve.mitre.org/ .
--Bill
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
We block all sites except for approved ones. Moving to this security policy
after allowing unlimited access is a bit like trying to stuff the genie back
into the bottle after you've let him out :-).
Brian Steele
- Original Message -
From: Ryan Russell [EMAIL PROTECTED]
To: Jim