Full information is at:
http://www.sans.org/newlook/resources/flashadv.htm
Apparently this is caused by a virus like program trying to
get info and call home.
Eric
On Thu, 7 Oct 1999 [EMAIL PROTECTED] wrote:
> Bill,
> Your guess is as good as mine. I've been seeing a lot of these over the same
> time period as well. Anybody else have a clue?
>
> Regards,
> Dennis Keller
> Network Security Administrator
> DDSP-Z
> [EMAIL PROTECTED]
>
>
> > -----Original Message-----
> > From: "Bill Fox" <[EMAIL PROTECTED]> at internet01
> > Sent: Wednesday, October 06, 1999 4:32 PM
> > To: "Firewalls mailing list" <[EMAIL PROTECTED]> at internet01
> > Subject: Squid probes ?
> >
> >
> > Somebody posted about 'Squid', the web-cache server, which caught my
> > attention. On a firewalls-related note, does anyone have any
> > idea what tool
> > is used for all these probes to port 3128 (Squid) that have
> > been going on
> > for the last month or so?? They're really just an
> > aggravation at my sites,
> > but I'm still curious as to why they continue, and why
> > they're originating
> > from so many sources? Is someone handing out a script on the
> > IRC's, or
> > what? I get an average of about 20 of these probes a day lately, all
> > consisting of exactly 4 TCP connect attempts (each) to ports
> > 80, 8080, and
> > 3128.
> >
> > --Bill
> >
> >
> >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
> >
>
>
>
---------------------------------------------------------------------
Eric Maiwald [EMAIL PROTECTED]
So Many Hobbies, So little time
---------------------------------------------------------------------
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
