They are full network probes usually, that scan my
entire subnet, so yes they are abuses.
--Joshua
Jeff Younker wrote:
>
> Are you sure it's abuse and not some web conference application, or some web
> page generated (such as a stock reporting page) that's trying to tunnel
> information via HTTP? Is it associated with an outbound HTTP connection
> from your one of your users?
>
> - Jeff Younker - [EMAIL PROTECTED] - These are my opinions, not MDL's -
>
> -----Original Message-----
> From: Joshua Chamas [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, October 07, 1999 12:49 PM
> To: Bill Fox
> Cc: Firewalls mailing list
> Subject: Re: Squid probes ?
>
> Bill Fox wrote:
> >
> > Somebody posted about 'Squid', the web-cache server, which caught
> my
> > attention. On a firewalls-related note, does anyone have any idea
> what tool
> > is used for all these probes to port 3128 (Squid) that have been
> going on
> > for the last month or so?? They're really just an aggravation at
> my sites,
> > but I'm still curious as to why they continue, and why they're
> originating
> > from so many sources? Is someone handing out a script on the
> IRC's, or
> > what? I get an average of about 20 of these probes a day lately,
> all
> > consisting of exactly 4 TCP connect attempts (each) to ports 80,
> 8080, and
> > 3128.
> >
>
> No idea why they happen, but I just keep reporting these
> "abuses" to their upstream ISP admins until they stop. I
> have gotten a ton of these probes myself starting back
> last April, so I definately feel your pain. :(
>
> I get the network information from:
> http://mjhb.marina-del-rey.ca.us/cgi-bin/ipw.pl
>
> and sometimes a good traceroute ...
>
> For other countries, they often don't have the abuse@*
> email to report these probes, so you have to stick with
> postmaster.
>
> -- Joshua
> _________________________________________________________________
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
