:[EMAIL PROTECTED]]
Sent: Thursday, October 07, 1999 9:29 PM
To: Firewalls mailing list; Jeff Younker
Subject: Re: Squid probes ?
From my vantage point at least, it appears to be *true* probing, since the
source IP varies significantly. I see 'hits' literally from around the
globe, and they're more
most probably this is a prog called "proxy hunter" from Solar Wind.
certain people do not believe that all the internet should be available,
proxy hunter provides a way out.
On Thu, 7 Oct 1999, Joseph J. Volk wrote:
Bill,
Here are a few tidbits I've picked up concerning this probe.
th all this
constant dumb probing. Typical lamer "script kiddie" stuff... grumble,
grumble ;)
--Bill
- Original Message -
From: Joseph J. Volk [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, October 07, 1999 9:07 AM
Subject:
, Mark [EMAIL PROTECTED]
To: Bill Fox [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, October 07, 1999 11:57 PM
Subject: RE: Squid probes ?
Are you running a sniffer, or using some other method to examine the packets
themselves?
I would check the variations in source IP with the TTL value
:49 PM
To: Bill Fox
Cc: Firewalls mailing list
Subject: Re: Squid probes ?
Bill Fox wrote:
Somebody posted about 'Squid', the web-cache server, which caught
my
attention. On a firewalls-related note, does anyone have
ay, October 08, 1999 12:00 AM
Subject: RE: Squid probes
most probably this is a prog called "proxy hunter" from Solar Wind.
certain people do not believe that all the internet should be available,
proxy hunter provides a way out.
On Thu, 7 Oct 1999, Joseph J. Volk wrote:
Bill,
From the new SANS newsbits --
In a fabulous example of networked community cooperation, more than 300
security practitioners isolated the behavior of the Internet-wide RingZero
Trojan proxy attack, found the Trojan, created defenses, and, as a
result, the Russian site that was using it to
Here's the latest on the Squid probe. It's been identified, isolated and
stopped for now. From the latest SANS newsletter:
In a fabulous example of networked community cooperation, more than 300
security practitioners isolated the behavior of the Internet-wide RingZero
Trojan proxy attack,
- Original Message -
From: Bill Fox [EMAIL PROTECTED]
To: spiff [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, October 08, 1999 3:20 AM
Subject: Re: Squid probes
"provides a way out" Well, hi there "Spiff"! We know which boat
you're in now. Enjoying surfing th
Bill,
Your guess is as good as mine. I've been seeing a lot of these over the same
time period as well. Anybody else have a clue?
Regards,
Dennis Keller
Network Security Administrator
DDSP-Z
[EMAIL PROTECTED]
-Original Message-
From: "Bill Fox" [EMAIL PROTECTED] at internet01
Bill,
Here are a few tidbits I've picked up concerning this probe. I've heard
it may have something to do with the anonymous surfing services made
available recently.
Joe
Begin tidbits...
I run a small network, and can afford to respond to most port
scans that sweep by, usually first to
Funny we should be talking about this. I just sent out an email to the
owner of www.tf.ITB.ac.id because his server tried to unsuccessfully scan
30,000+ addresses in our Class B network on port 8080. I reported it to
him/her because my best guess is that his server was compromised.
-- Joe
Bill Fox wrote:
Somebody posted about 'Squid', the web-cache server, which caught my
attention. On a firewalls-related note, does anyone have any idea what tool
is used for all these probes to port 3128 (Squid) that have been going on
for the last month or so?? They're really just an
For those of you who are interested, SANS (www.sans.org)
has been looking for data traces on these probes. We're
nearing the end of the two week period they were looking
for, but I'm sure they appreciate any data anyone has.
This is from the last SANS Digest --
A high priority note from our
Full information is at:
http://www.sans.org/newlook/resources/flashadv.htm
Apparently this is caused by a virus like program trying to
get info and call home.
Eric
On Thu, 7 Oct 1999 [EMAIL PROTECTED] wrote:
Bill,
Your guess is as good as mine. I've been seeing a lot of these over the
] - These are my opinions, not MDL's -
-Original Message-
From: Joshua Chamas [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, October 07, 1999 12:49 PM
To: Bill Fox
Cc: Firewalls mailing list
Subject: Re: Squid probes ?
Bill Fox
Message -
From: Jeff Younker [EMAIL PROTECTED]
To: 'Joshua Chamas' [EMAIL PROTECTED]; Bill Fox [EMAIL PROTECTED]
Cc: Firewalls mailing list [EMAIL PROTECTED]
Sent: Thursday, October 07, 1999 2:35 PM
Subject: RE: Squid probes ?
Are you sure it's abuse and not some web conference application