Let's see...
http://www.altavista.com
Query: "What is squid?"
2. What is Squid?
What is Squid? Caching Proxy Server. HTTP, FTP and Gopher data objects...
... It's not _that_ hard.
Quentin Antrim wrote:
>
> I'm sorry to ask a possibly obvious question, but what is SQUID?
> Thanks.
> Quentin Antrim
> City of Fort Collins
>
> >>> "Kevin Johnston" <[EMAIL PROTECTED]> 10/08 6:21 AM >>>
> I am aware of the recent flood of SQUID. Has anyone experienced port
> scans for port 53 and 1080? I have a cable modem at home (I know, I know,
> bad, bad...).
>
> ABout every Saturday night between 6pm and 9pm I get port scanned and
> NukeNabber knocks them off. However, the fact they are scanning for DNS and
> SOCKS concerns me as an IT professional.
> I have probably turned in a dozen or more addresses to the ISPs the scans
> are coming from but as usual, no response back.
>
> Curious if anyone else is seeing this activity and if so, if you have found
> any information to share.
>
> Kevin
>
> ----- Original Message -----
> From: Randall, Mark <[EMAIL PROTECTED]>
> To: Bill Fox <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Friday, October 08, 1999 2:57 AM
> Subject: RE: Squid probes ?
>
> > Are you running a sniffer, or using some other method to examine the
> packets
> > themselves?
> >
> > I would check the variations in source IP with the TTL value. All those
> > different sources are very unlikely to be the exact same number of hops
> > away.
> >
> >
> > -----Original Message-----
> > From: Bill Fox [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, October 07, 1999 9:29 PM
> > To: Firewalls mailing list; Jeff Younker
> > Subject: Re: Squid probes ?
> >
> >
> > From my vantage point at least, it appears to be *true* probing, since the
> > source IP varies significantly. I see 'hits' literally from around the
> > globe, and they're more prevalent at night/weekends. They also
> *origninate*
> > (spoofs, compromises very possible/probable..) from universities, small
> > ISP's, even government organizations. Thus it would seem highly unlikely
> > that it's caused by commercial entities. And 'conferencing' with such
> > locations as Pakistan, Iran, China, etc. isn't a distinct possibility at
> my
> > location, at least. Anything's possible, though :).
> >
> > --Bill
> >
> > ----- Original Message -----
> > From: Jeff Younker <[EMAIL PROTECTED]>
> > To: 'Joshua Chamas' <[EMAIL PROTECTED]>; Bill Fox <[EMAIL PROTECTED]>
> > Cc: Firewalls mailing list <[EMAIL PROTECTED]>
> > Sent: Thursday, October 07, 1999 2:35 PM
> > Subject: RE: Squid probes ?
> >
> >
> > Are you sure it's abuse and not some web conference application, or some
> web
> > page generated (such as a stock reporting page) that's trying to tunnel
> > information via HTTP? Is it associated with an outbound HTTP connection
> > from your one of your users?
> >
> > - Jeff Younker - [EMAIL PROTECTED] - These are my opinions, not MDL's -
> >
> >
> >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 �RNSK�LDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
