Hello,

I got these alerts from my Snort: are there some new vulnerabilities for Squid or other proxies? The IP address comes from Poland:

Name:    137-mia-2.acn.waw.pl
Address: 212.76.45.137

Sincerely
Jan Marek

[**] INFO - Possible Squid Scan [**]
05/24-04:36:30.469338 212.76.45.137:4562 -> xxx.xxx.xxx.65:3128
TCP TTL:116 TOS:0x0 ID:44266 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE544462A Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] INFO - Possible Squid Scan [**]
05/24-04:36:30.179338 212.76.45.137:4564 -> xxx.xxx.xxx.66:3128
TCP TTL:116 TOS:0x0 ID:44268 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE545D510 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

and more and more...

[**] INFO - Possible Squid Scan [**]
05/24-04:36:31.569338 212.76.45.137:4682 -> xxx.xxx.xxx.125:3128
TCP TTL:116 TOS:0x0 ID:44626 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE5A57E5A Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] INFO - Possible Squid Scan [**]
05/24-04:36:34.509338 212.76.45.137:4682 -> xxx.xxx.xxx.125:3128
TCP TTL:116 TOS:0x0 ID:45407 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE5A57E5A Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

then the second port:

[**] SCAN Proxy attempt [**]
05/24-04:36:33.019338 212.76.45.137:4567 -> xxx.xxx.xxx.67:8080
TCP TTL:116 TOS:0x0 ID:45021 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE547CF24 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] SCAN Proxy attempt [**]
05/24-04:36:30.489338 212.76.45.137:4571 -> xxx.xxx.xxx.69:8080
TCP TTL:116 TOS:0x0 ID:44275 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE54B2B3F Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

and more and more...

[**] SCAN Proxy attempt [**]
05/24-04:36:33.209338 212.76.45.137:4685 -> xxx.xxx.xxx.126:8080
TCP TTL:116 TOS:0x0 ID:45049 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE5ABE6C7 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] SCAN Proxy attempt [**]
05/24-04:36:36.209338 212.76.45.137:4685 -> xxx.xxx.xxx.126:8080
TCP TTL:116 TOS:0x0 ID:45878 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE5ABE6C7 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

--
Ing. Jan Marek
University of South Bohemia
Academic Computer Centre
Phone: +420-38-7772080
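
An added example, not part of the original post: a small Python summarizer for alerts in the format shown above, grouping them by source address and destination port so that a sweep across many hosts stands out from repeated hits on one host. The sample input is four of the posted alerts with the TCP options line dropped; the names SAMPLE, ALERT and summarize are this example's own.

```python
import re
from collections import defaultdict

# Four alerts taken from the post (addresses masked as posted, options line dropped).
SAMPLE = """\
[**] INFO - Possible Squid Scan [**]
05/24-04:36:30.469338 212.76.45.137:4562 -> xxx.xxx.xxx.65:3128
TCP TTL:116 TOS:0x0 ID:44266 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE544462A Ack: 0x0 Win: 0x4000 TcpLen: 28
[**] INFO - Possible Squid Scan [**]
05/24-04:36:31.569338 212.76.45.137:4682 -> xxx.xxx.xxx.125:3128
TCP TTL:116 TOS:0x0 ID:44626 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE5A57E5A Ack: 0x0 Win: 0x4000 TcpLen: 28
[**] INFO - Possible Squid Scan [**]
05/24-04:36:34.509338 212.76.45.137:4682 -> xxx.xxx.xxx.125:3128
TCP TTL:116 TOS:0x0 ID:45407 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE5A57E5A Ack: 0x0 Win: 0x4000 TcpLen: 28
[**] SCAN Proxy attempt [**]
05/24-04:36:33.019338 212.76.45.137:4567 -> xxx.xxx.xxx.67:8080
TCP TTL:116 TOS:0x0 ID:45021 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE547CF24 Ack: 0x0 Win: 0x4000 TcpLen: 28
"""

ALERT = re.compile(
    r"\[\*\*\]\s*(?P<msg>[^\[\]]+?)\s*\[\*\*\]\s+(?P<ts>\S+)\s+"
    r"(?P<src>[\w.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\w.]+):(?P<dport>\d+)\s+"
    r"[^\[]*?(?P<flags>[\w*]{8})\s+Seq:\s+(?P<seq>0x[0-9A-Fa-f]+)")

def summarize(text):
    """Group alerts by (source IP, destination port) to show the shape of a sweep."""
    groups = defaultdict(lambda: {"alerts": 0, "targets": set(),
                                  "syn_only": True, "retransmits": 0})
    seen = set()
    for m in ALERT.finditer(text):
        a = m.groupdict()
        g = groups[(a["src"], int(a["dport"]))]
        g["alerts"] += 1
        g["targets"].add(a["dst"])
        # A bare SYN is printed as "******S*" in these alerts.
        g["syn_only"] = g["syn_only"] and a["flags"] == "******S*"
        # Same addresses, ports and Seq again: a retransmitted SYN, not a new attempt.
        pkt = (a["src"], a["sport"], a["dst"], a["dport"], a["seq"])
        g["retransmits"] += pkt in seen
        seen.add(pkt)
    return dict(groups)

if __name__ == "__main__":
    for (src, dport), g in sorted(summarize(SAMPLE).items()):
        print(src, dport, g["alerts"], len(g["targets"]), g["syn_only"], g["retransmits"])
```

The regular expression tolerates any whitespace between fields, so it also works on alert text whose line breaks were lost in transit.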
This archive was generated by hypermail 2b30 : Thu May 24 2001 - 07:26:26 PDT