Thanks - no traffic to 3128 right now, unless I browse from my lan. Nothing listening on 3128 except squid. On Sat, 2007-02-24 at 17:21 +0200, Denys wrote: > Just check > tcpdump -n -i eth0 -X -s 1500 dst port SQUIDPORT > > SQUIDPORT i guess must be 3128 > > Then just look, what kind of requests there, maybe you will see headers of > software, possible dansguardian headers. > Also try to stop dansguardian and see if it logs still continue. > Do > netstat -anp|grep 3128 > to see who connecting to squid port > > On Sat, 24 Feb 2007 15:15:26 +0000, Paul wrote > > DAnsGuardian is on 8080 and that's closed to all but my lan. I do > > have 5801 and 5901 open for remote desktop, but I doubt that's a problem. > > Is there a way to misconfigure apache2 to enable open proxy? > > > > On Sat, 2007-02-24 at 09:21 +0100, Henrik Nordstrom wrote: > > > [UTF-8?]lц╤r 2007-02-24 klockan 08:28 +0100 skrev Henrik Nordstrom: > > > > > > > To diagnose after you have made changes somehow stopping the abuse then > > > > checking all logs in detail is the only available, or maybe tcpdump > > > > looking for users still trying to access the service and from that > > > > derive how they gained access in the first place.. > > > > > > One educated guess: Maybe the port dansguardian is listening on is > > > accessible from the outside. > > > > > > Regards > > > Henrik > > > -- > Virtual ISP S.A.L. >