RE: [squid-users] strange behaviour in access.log

Chris Robertson Fri, 19 Nov 2004 11:06:44 -0800

Looks to me like someone at 220.126.166.147 (owned by kornet.net) is trying
to make an "OPTIONS" request of your squid server and is being denied.


The second result in a Google search for "http options" (without quotes) is
to a page entitled "Attack Tool Kit 3.0 - HTTP OPTIONS method support
detection.plugin ...".

It seems to me you can put squid back on line and let it refuse these
requests.  In addition, you can firewall incoming requests to the Squid port
such that only traffic from allowed clients passed.

Chris

-----Original Message-----
From: BusyBoy [mailto:[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 3:20 AM
To: [EMAIL PROTECTED]
Subject: [squid-users] strange behaviour in access.log


Hello,

Can anyone tell me what does this activity show, this is first time I
have seen this and I worried about it what's wrong with it.

My squid-box ip is = 202.45.145.2

and I am getting hits from this 220.126.166.147

Anyway I have stopped squid on this box now and will check what's
wrong with this.

Any help will be appriciated.




1100861048.756     12 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861128.309     24 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html

1100860925.773     22 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html



1100861207.958     21 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861245.732     25 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861278.237     68 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861302.640     37 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861306.359     41 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861311.255      7 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861335.062     25 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861338.443      1 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861341.834      9 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861344.912      5 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861368.076     15 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861370.186     18 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861372.054     25 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861376.268      9 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861421.872     14 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861452.969     22 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861554.924     29 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861665.085     11 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861738.340      9 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861762.331     18 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861766.039     24 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861770.021      3 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861801.475     19 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861833.123     27 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861859.551     35 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861863.549     43 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861868.601     40 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861892.222     19 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861897.496     45 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861904.352     30 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861928.424     11 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861937.304     38 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861984.062    101 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862030.566     71 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862101.964     11 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862203.003     37 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862365.682     16 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862506.861      1 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862641.010     38 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862818.746     20 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862874.180     15 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862930.284     13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862963.763      6 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863000.025     18 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863026.342     19 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863029.505     17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863031.485     24 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863054.124     16 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863056.420     17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863058.546     20 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863060.795      9 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863062.240     17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863063.410     13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863087.077     17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863089.719     24 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863092.909      5 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863095.468     29 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863118.328     19 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863121.423     21 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863126.656     22 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863150.672     26 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863153.404     20 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863155.745     37 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863157.836     14 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863179.924     15 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863181.303     15 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863183.620     42 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863186.083      2 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863188.470     37 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863211.906     18 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863213.751     32 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863216.702     11 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863221.551     19 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863508.640     34 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863738.398     25 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100864235.763     17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100864575.390     13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100864774.432      7 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100864863.286      5 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100864912.325     16 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100864966.732      5 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865004.507     13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865033.220     18 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865039.913     19 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865063.763     28 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865068.143     37 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865072.926     64 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865096.952     22 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865100.364     36 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865105.417     13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865132.219      8 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865141.918     15 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865173.918     18 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865197.378     39 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865200.758     72 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865204.525     33 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865208.911     26 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865233.247     45 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865239.154     23 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865249.127     13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865274.907     14 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865282.018     15 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865307.506     41 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865314.485     69 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865338.910     56 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865341.881     13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865344.535     17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865347.507      9 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865370.551     28 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865373.861     28 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865794.162     27 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865795.520     35 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865796.955     17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865798.412     36 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865799.972     23 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865801.471     30 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865841.785     24 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865845.355     20 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865851.956      7 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html



-- 
Nasir Mahmood
Systems + Network Admin.
Asia Net.

RE: [squid-users] strange behaviour in access.log

Reply via email to