Search squid archive

Re: Squid attack?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks - no traffic to 3128 right now, unless I browse from my lan.
Nothing listening on 3128 except squid.

On Sat, 2007-02-24 at 17:21 +0200, Denys wrote:
> Just check 
> tcpdump -n -i eth0 -X -s 1500 dst port SQUIDPORT
> 
> SQUIDPORT i guess must be 3128 
> 
> Then just look, what kind of requests there, maybe you will see headers of 
> software, possible dansguardian headers.
> Also try to stop dansguardian and see if it logs still continue.
> Do 
> netstat -anp|grep 3128
> to see who connecting to squid port
> 
> On Sat, 24 Feb 2007 15:15:26 +0000, Paul wrote
> > DAnsGuardian is on 8080 and that's closed to all but my lan. I do 
> > have 5801 and 5901 open for remote desktop, but I doubt that's a problem.
> > Is there a way to misconfigure apache2 to enable open proxy?
> > 
> > On Sat, 2007-02-24 at 09:21 +0100, Henrik Nordstrom wrote:
> > > [UTF-8?]lц╤r 2007-02-24 klockan 08:28 +0100 skrev Henrik Nordstrom:
> > > 
> > > > To diagnose after you have made changes somehow stopping the abuse then
> > > > checking all logs in detail is the only available, or maybe tcpdump
> > > > looking for users still trying to access the service and from that
> > > > derive how they gained access in the first place..
> > > 
> > > One educated guess: Maybe the port dansguardian is listening on is
> > > accessible from the outside.
> > > 
> > > Regards
> > > Henrik
> 
> 
> --
> Virtual ISP S.A.L.
> 


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux