Hi
I'm a newcomer to the Security arena and am currently trying to get to grips with honeypots, IDSs and firewalls for my dissertation. I'm running NFR's Back Officer Friendly on my home computer, configured to listen for Back Orifice, FTP, Telnet, SMTP, HTTP, POP3 and IMAP2, and something weird seems to have happened to it - I got scanned today on ports 3128 and 8080, the first 2 being a possible squid scan, picked up by Snort which I'm also running. The only comment in the BOF alert box was "Stopped listening for HTTP". The 4 snort alerts are as follows:

[**] [1:618:1] INFO - Possible Squid Scan [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/26-19:50:39.372438 208.47.179.41:2295 -> 213.107.68.205:3128
TCP TTL:114 TOS:0x0 ID:6157 IpLen:20 DgmLen:48 DF
******S* Seq: 0xF23507D Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

[**] [1:618:1] INFO - Possible Squid Scan [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/26-19:50:42.346692 208.47.179.41:2295 -> 213.107.68.205:3128
TCP TTL:114 TOS:0x0 ID:6622 IpLen:20 DgmLen:48 DF
******S* Seq: 0xF23507D Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

[**] [1:620:1] SCAN Proxy attempt [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/26-19:50:44.556800 208.47.179.41:2795 -> 213.107.68.205:8080
TCP TTL:114 TOS:0x0 ID:7112 IpLen:20 DgmLen:48 DF
******S* Seq: 0x10AE85FF Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

[**] [1:620:1] SCAN Proxy attempt [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/26-19:50:47.549390 208.47.179.41:2795 -> 213.107.68.205:8080
TCP TTL:114 TOS:0x0 ID:7617 IpLen:20 DgmLen:48 DF
******S* Seq: 0x10AE85FF Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

My BOF now refuses to listen for HTTP, instead bringing up an "error" box saying: "Can't bind socket. If you are running a server that listens on port 80 you should disable HTTP listening". I am not running a server. Can anyone explain what this means, how serious these alerts are, and if there is a possibility my system has been compromised?

Many thanks
Melanie Woodward
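
Added example, not part of the original post: a short Python parser for the Snort alerts quoted above (abridged here to the header, address and TCP flag lines) that groups alerts sharing source, destination and TCP sequence number. A SYN repeated from the same source port with the same Seq is a retransmission of one connection attempt, so the four alerts collapse to two attempts, one per port. The function names are illustrative.

```python
import re

# Input: the four alerts from the post, abridged to three lines each
# (header, timestamp/addresses, TCP flags and sequence number).
ALERTS = """\
[**] [1:618:1] INFO - Possible Squid Scan [**]
05/26-19:50:39.372438 208.47.179.41:2295 -> 213.107.68.205:3128
******S* Seq: 0xF23507D Ack: 0x0 Win: 0x4000 TcpLen: 28
[**] [1:618:1] INFO - Possible Squid Scan [**]
05/26-19:50:42.346692 208.47.179.41:2295 -> 213.107.68.205:3128
******S* Seq: 0xF23507D Ack: 0x0 Win: 0x4000 TcpLen: 28
[**] [1:620:1] SCAN Proxy attempt [**]
05/26-19:50:44.556800 208.47.179.41:2795 -> 213.107.68.205:8080
******S* Seq: 0x10AE85FF Ack: 0x0 Win: 0x4000 TcpLen: 28
[**] [1:620:1] SCAN Proxy attempt [**]
05/26-19:50:47.549390 208.47.179.41:2795 -> 213.107.68.205:8080
******S* Seq: 0x10AE85FF Ack: 0x0 Win: 0x4000 TcpLen: 28
"""

HEADER = re.compile(r"\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]")
FLOW = re.compile(r"(\d\d/\d\d-[\d:.]+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)")
SEQ = re.compile(r"Seq: (0x[0-9A-Fa-f]+)")

def parse_alerts(text):
    """Split on each '[**] [gid:sid:rev]' header and pull out the fields we need."""
    alerts = []
    for block in re.split(r"(?=\[\*\*\] \[\d+:\d+:\d+\])", text):
        h, f, s = HEADER.search(block), FLOW.search(block), SEQ.search(block)
        if not (h and f and s):
            continue  # empty leading chunk or an alert without TCP details
        alerts.append({"sid": int(h.group(2)), "msg": h.group(4), "time": f.group(1),
                       "src": f.group(2), "sport": int(f.group(3)),
                       "dst": f.group(4), "dport": int(f.group(5)), "seq": s.group(1)})
    return alerts

def collapse_retransmissions(alerts):
    """Map (src, sport, dst, dport, seq) -> timestamps; >1 timestamp means a resent SYN."""
    attempts = {}
    for a in alerts:
        key = (a["src"], a["sport"], a["dst"], a["dport"], a["seq"])
        attempts.setdefault(key, []).append(a["time"])
    return attempts

if __name__ == "__main__":
    for (src, sport, dst, dport, seq), times in collapse_retransmissions(parse_alerts(ALERTS)).items():
        print(f"{src}:{sport} -> {dst}:{dport} seq={seq} SYNs={len(times)} first={times[0]}")
```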