Thanks very much to those with the courtesy to answer my question politely. I'll post
one of the answers here for those others who do not know what SQUID is.
Quentin
>>> Emanuel Protopsaltis <[EMAIL PROTECTED]> 10/08 1:13 PM >>>
http://www.squid-cache.org/
a full-featured Web proxy cache
designed to run on Unix systems
free, open-source software
...
[EMAIL PROTECTED] wrote:
> I'm sorry to ask a possibly obvious question, but what is SQUID?
> Thanks.
> Quentin Antrim
> City of Fort Collins
>
> >>> "Kevin Johnston" <[EMAIL PROTECTED]> 10/08 6:21 AM >>>
> I am aware of the recent flood of SQUID. Has anyone experienced port
> scans for port 53 and 1080? I have a cable modem at home (I know, I know,
> bad, bad...).
>
> ABout every Saturday night between 6pm and 9pm I get port scanned and
> NukeNabber knocks them off. However, the fact they are scanning for DNS and
> SOCKS concerns me as an IT professional.
> I have probably turned in a dozen or more addresses to the ISPs the scans
> are coming from but as usual, no response back.
>
> Curious if anyone else is seeing this activity and if so, if you have found
> any information to share.
>
> Kevin
>
> ----- Original Message -----
> From: Randall, Mark <[EMAIL PROTECTED]>
> To: Bill Fox <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Friday, October 08, 1999 2:57 AM
> Subject: RE: Squid probes ?
>
> > Are you running a sniffer, or using some other method to examine the
> packets
> > themselves?
> >
> > I would check the variations in source IP with the TTL value. All those
> > different sources are very unlikely to be the exact same number of hops
> > away.
> >
> >
> > -----Original Message-----
> > From: Bill Fox [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, October 07, 1999 9:29 PM
> > To: Firewalls mailing list; Jeff Younker
> > Subject: Re: Squid probes ?
> >
> >
> > From my vantage point at least, it appears to be *true* probing, since the
> > source IP varies significantly. I see 'hits' literally from around the
> > globe, and they're more prevalent at night/weekends. They also
> *origninate*
> > (spoofs, compromises very possible/probable..) from universities, small
> > ISP's, even government organizations. Thus it would seem highly unlikely
> > that it's caused by commercial entities. And 'conferencing' with such
> > locations as Pakistan, Iran, China, etc. isn't a distinct possibility at
> my
> > location, at least. Anything's possible, though :).
> >
> > --Bill
> >
> > ----- Original Message -----
> > From: Jeff Younker <[EMAIL PROTECTED]>
> > To: 'Joshua Chamas' <[EMAIL PROTECTED]>; Bill Fox <[EMAIL PROTECTED]>
> > Cc: Firewalls mailing list <[EMAIL PROTECTED]>
> > Sent: Thursday, October 07, 1999 2:35 PM
> > Subject: RE: Squid probes ?
> >
> >
> > Are you sure it's abuse and not some web conference application, or some
> web
> > page generated (such as a stock reporting page) that's trying to tunnel
> > information via HTTP? Is it associated with an outbound HTTP connection
> > from your one of your users?
> >
> > - Jeff Younker - [EMAIL PROTECTED] - These are my opinions, not MDL's -
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
