david@xxxxxxxxxxxxxxxx wrote:
> Hello Squid users all, I have a bad situation partially resolved: the past few days I have been blind-sided by a Trojan-based browser hijacking. A script from Trendmicro has allowed me to navigate the net w/o being redirected to a porn site or similar. Notwithstanding, I can see from running Wireshark the culprit that Trendmicro has not found the signature to as of yet.
(...)
First of all: it is a very bad idea to continue working on an infected
machine. You do not know what exactly has happened to the system.
The only sensible thing is to start with a freshly set up system.
> I am running: a Linux router/gateway, heavily firewalled (iptables)
Is this firewall also preventing access from the inside network to the
internet ("default deny")? Because if not, using a proxy will not
prevent anybody from accessing the internet regardless of what the proxy
setup is. Squid translates requests that reach it; it has no means of
preventing internet access by other ways, e.g. directly. Since you say
you can ping the destination I assume that your firewall is not
preventing access to the sites in question.
Hope this helps,
Jakob Curdes
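
An added example, not part of the original message: a shell function that audits `iptables-save` output for the situation described in the reply, where the FORWARD chain lets LAN clients reach web ports directly and so bypass Squid. It assumes Squid runs on the gateway itself on port 3128 and that `eth1` is the LAN interface; the rule dumps are constructed samples.

```shell
#!/bin/sh
# Added example. Assumptions: Squid runs on the gateway itself (port 3128),
# eth1 is the LAN side. Simplified: ignores negated matches, user-defined
# chains and rule order, so treat the verdict as a prompt for review.
#
# Reads iptables-save output on stdin and prints one verdict:
#   default-allow  FORWARD policy is not DROP; clients can bypass the proxy
#   web-forwarded  policy is DROP but a rule forwards new tcp/80 or tcp/443
#   default-deny   no forwarded web path found
audit_forward() {
    awk '
    function hits(spec,   n, i, r, k, b, lo, hi) {  # port list covers 80/443?
        n = split(spec, r, ",")
        for (i = 1; i <= n; i++) {
            k = split(r[i], b, ":"); lo = b[1] + 0; hi = (k > 1 ? b[2] : b[1]) + 0
            if ((lo <= 80 && 80 <= hi) || (lo <= 443 && 443 <= hi)) return 1
        }
        return 0
    }
    /^\*/ { table = substr($0, 2); next }
    table != "filter" { next }
    $1 == ":FORWARD" { policy = $2; next }
    $1 == "-A" && $2 == "FORWARD" && / -j ACCEPT/ {
        proto = "all"; ports = ""; states = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
        }
        if (proto != "all" && proto != "tcp") next   # not web traffic
        if (states != "" && states !~ /NEW/) next     # return traffic only
        if (ports == "" || hits(ports)) bypass = 1
    }
    END {
        if (policy != "DROP") print "default-allow"
        else if (bypass) print "web-forwarded"
        else print "default-deny"
    }'
}

# Constructed sample dump; any arguments are extra FORWARD rules to test.
sample() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        '-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT' \
        '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A FORWARD -i eth1 -p udp -m udp --dport 53 -j ACCEPT' "$@" 'COMMIT'
}
sample | audit_forward
sample '-A FORWARD -i eth1 -p tcp -m multiport --dports 80,443 -j ACCEPT' | audit_forward
```

On a live gateway the same function can be fed directly, as root, with `iptables-save | audit_forward`.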