RE: Squid probes ?

1999-10-08 Thread Randall, Mark
:[EMAIL PROTECTED]] Sent: Thursday, October 07, 1999 9:29 PM To: Firewalls mailing list; Jeff Younker Subject: Re: Squid probes ? From my vantage point at least, it appears to be *true* probing, since the source IP varies significantly. I see 'hits' literally from around the globe, and they're more

RE: Squid probes

1999-10-08 Thread spiff
most probably this is a prog called "proxy hunter" from Solar Wind. certain people do not believe that all the internet should be available, proxy hunter provides a way out. On Thu, 7 Oct 1999, Joseph J. Volk wrote: Bill, Here are a few tidbits I've picked up concerning this probe.

Re: Squid probes

1999-10-08 Thread Bill Fox
th all this constant dumb probing. Typical lamer "script kiddie" stuff... grumble, grumble ;) --Bill - Original Message - From: Joseph J. Volk [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, October 07, 1999 9:07 AM Subject:

Re: Squid probes ?

1999-10-08 Thread Bill Fox
, Mark [EMAIL PROTECTED] To: Bill Fox [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 07, 1999 11:57 PM Subject: RE: Squid probes ? Are you running a sniffer, or using some other method to examine the packets themselves? I would check the variations in source IP with the TTL value

Re: Squid probes ?

1999-10-08 Thread Joshua Chamas
:49 PM To: Bill Fox Cc: Firewalls mailing list Subject: Re: Squid probes ? Bill Fox wrote: Somebody posted about 'Squid', the web-cache server, which caught my attention. On a firewalls-related note, does anyone have

Re: Squid probes

1999-10-08 Thread Bill Fox
ay, October 08, 1999 12:00 AM Subject: RE: Squid probes most probably this is a prog called "proxy hunter" from Solar Wind. certain people do not believe that all the internet should be available, proxy hunter provides a way out. On Thu, 7 Oct 1999, Joseph J. Volk wrote: Bill,

RE: Squid probes ?

1999-10-08 Thread Mullen, Patrick
From the new SANS newsbits -- In a fabulous example of networked community cooperation, more than 300 security practitioners isolated the behavior of the Internet-wide RingZero Trojan proxy attack, found the Trojan, created defenses, and, as a result, the Russian site that was using it to

Re: Squid probes

1999-10-08 Thread James Strompolis
Here's the latest on the Squid probe. It's been identified, isolated and stopped for now. From the latest SANS newsletter: In a fabulous example of networked community cooperation, more than 300 security practitioners isolated the behavior of the Internet-wide RingZero Trojan proxy attack,

Re: Squid probes (Apology to spiff)

1999-10-08 Thread Bill Fox
- Original Message - From: Bill Fox [EMAIL PROTECTED] To: spiff [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, October 08, 1999 3:20 AM Subject: Re: Squid probes "provides a way out" Well, hi there "Spiff"! We know which boat you're in now. Enjoying surfing th

RE: Squid probes ?

1999-10-07 Thread dennis_keller
Bill, Your guess is as good as mine. I've been seeing a lot of these over the same time period as well. Anybody else have a clue? Regards, Dennis Keller Network Security Administrator DDSP-Z [EMAIL PROTECTED] -Original Message- From: "Bill Fox" [EMAIL PROTECTED] at internet01

RE: Squid probes

1999-10-07 Thread Joseph J. Volk
Bill, Here are a few tidbits I've picked up concerning this probe. I've heard it may have something to do with the anonymous surfing services made available recently. Joe Begin tidbits... I run a small network, and can afford to respond to most port scans that sweep by, usually first to

RE: Squid probes

1999-10-07 Thread Joe Matusiewicz
Funny we should be talking about this. I just sent out an email to the owner of www.tf.ITB.ac.id because his server tried to unsuccessfully scan 30,000+ addresses in our Class B network on port 8080. I reported it to him/her because my best guess is that his server was compromised. -- Joe

Re: Squid probes ?

1999-10-07 Thread Joshua Chamas
Bill Fox wrote: Somebody posted about 'Squid', the web-cache server, which caught my attention. On a firewalls-related note, does anyone have any idea what tool is used for all these probes to port 3128 (Squid) that have been going on for the last month or so?? They're really just an

RE: Squid probes ?

1999-10-07 Thread Mullen, Patrick
For those of you who are interested, SANS (www.sans.org) has been looking for data traces on these probes. We're nearing the end of the two week period they were looking for, but I'm sure they appreciate any data anyone has. This is from the last SANS Digest -- A high priority note from our

RE: Squid probes ?

1999-10-07 Thread Eric Maiwald
Full information is at: http://www.sans.org/newlook/resources/flashadv.htm Apparently this is caused by a virus-like program trying to get info and call home. Eric On Thu, 7 Oct 1999 [EMAIL PROTECTED] wrote: Bill, Your guess is as good as mine. I've been seeing a lot of these over the

RE: Squid probes ?

1999-10-07 Thread Jeff Younker
] - These are my opinions, not MDL's - -Original Message- From: Joshua Chamas [SMTP:[EMAIL PROTECTED]] Sent: Thursday, October 07, 1999 12:49 PM To: Bill Fox Cc: Firewalls mailing list Subject: Re: Squid probes ? Bill Fox

Re: Squid probes ?

1999-10-07 Thread Bill Fox
Message - From: Jeff Younker [EMAIL PROTECTED] To: 'Joshua Chamas' [EMAIL PROTECTED]; Bill Fox [EMAIL PROTECTED] Cc: Firewalls mailing list [EMAIL PROTECTED] Sent: Thursday, October 07, 1999 2:35 PM Subject: RE: Squid probes ? Are you sure it's abuse and not some web conference application