Ok i thought that could be a possibality. I have seen a few portscans after the snort warning but iv verified where they were comeing from and alerted the proper isp (ps there were a few connection attempts to ports like 31337 and 6000-60036. Ok thanks for the info. You just confirmed what i was thinking was going on. Ok Later and thanks again Craig
On Wed, Dec 12, 2001 at 06:23:55PM +0000, Edilson Osorio Junior wrote: > Hi Craig, > The scan could be started by someone on the Inet, whether you have or not a > static IP. It always happens. > The default port of Squid is 3128. Its interesting to put your firewall to > log these not allowed connections, so you'll see from where these > connections are generated. > The portscanning is the first action to a possible attack... Portscanning > let the intruder know something more about your system... If you have some > dangerous process running on any port, the portscan will show that, unless > its blocked by your firewall. So the intruder has the capability to DoS or > penetrating your system. > > []'s > Edilson > > ------------- Original message follows ------------- > > > Hello Everyone. I'v been noticeing in my snort logs a lot of Squid Proxy > attemts. My box is setup as a firewall/gateway for one of my friends but i > dont think that hes causing them (unless hes capable of spoofing what NIC > they come in on)I was wondering what could be causing the scans? and what > port Squid proxy uses? And also what kind of danger do these scans present > to the secruity of my computer? > Thanks > Craig > > > > ___________________________________________________ > Edilson Osorio Junior > 4Solutions Informática > Divisão NetHawk - Consultoria e Segurança de Redes >
msg02216/pgp00000.pgp
Description: PGP signature
