Pat Riehecky wrote:
I just put iptables on our squid box and noticed some very strange
activity (IPs have been changed to protect the innocent):
[44165032.82] Dropped default (OUTPUT): IN= OUT=eth0
SRC=MY.PROXY.IP.ADDRESS DST=SOME.RANDOM.IP.ADDR LEN=40 TOS=0x00
PREC=0x00 TTL=64
Kinkie wrote:
On 5/4/07, Pat Riehecky [EMAIL PROTECTED] wrote:
I just put iptables on our squid box and noticed some very strange
activity (IPs have been changed to protect the innocent):
[44165032.82] Dropped default (OUTPUT): IN= OUT=eth0
SRC=MY.PROXY.IP.ADDRESS
That supposes that the connection are with legitimate clients, but since the
OP referred to SOME.RANDOM.IP.ADDR, and connections ... to the outside
world, I suspect it was an open proxy.
Maybe.. It depends on how random they are...
Still the destination port is random, source port is my service
Indeed, after a bit of poking about it seems that you hit the nail on
the head now I am trying to figure out how to alter the expiration
times in iptables but that is a topic for another list if my google
time proves fruitless.
THANKS!
Pat
On Fri, 2007-05-04 at 21:52 +0200, Kinkie wrote:
On 5/4/07, Pat Riehecky [EMAIL PROTECTED] wrote:
Indeed, after a bit of poking about it seems that you hit the nail on
the head now I am trying to figure out how to alter the expiration
times in iptables but that is a topic for another list if my google
time proves fruitless.
I suggest
Kinkie wrote:
That supposes that the connection are with legitimate clients, but since
the OP referred to SOME.RANDOM.IP.ADDR, and connections ... to the
outside world, I suspect it was an open proxy.
Maybe.. It depends on how random they are...
Still the destination port is random, source