> -----Original Message-----
> From: Johannes B. Ullrich [mailto:euclidianat_private]
> Sent: Thursday, May 24, 2001 5:48 PM
> Cc: incidentsat_private
> Subject: RE: Scans for proxy???
>
> I don't believe in any large organized effort to do
> anything like that. The cracker community is not that
> organized. You may have a guy come out with a new
> tool like 'lion' or 'adore' and then others are jumping
> on and modify it to suit their purposes. This has overall
> the appearance of an organized wave.

Who said anything about large and organized? A couple of reports does not qualify as large in my books. And as for organisation, do you really believe that there are no organized 'crackers'? There is a vast variety of skill levels out there.

> Anyone wants to setup a few honeypots? I don't hear much
> from the honeynet. Are they publishing the code they
> capture someplace? (and does anyone have a simple
> step-by-step guide as to how to setup a honeypot safely?)

Quoting Jan Marek:
> > > I got from my snort this alerts: is there some new
> > > vulnerabilities for squid or other proxies?

None of this indicates that either a) he was running squid, or other proxies, or even if he was, b) whether his system was believed to be compromised.

A couple of ideas off the top of my head:

Firstly, the ability to anonymously exploit both the Unicode and CGI double-decode vulnerabilities.
Secondly, money making scams via payment for banner ad 'clickthroughs' that record IP's.
Thirdly, abusing voting pages (again, once per IP).
...
...
You get the idea.

Yes, there may be an as-yet-unpublished vulnerability in Squid, but on the balance of probabilities I'd go with Occam's Razor here and side with the above until proven otherwise.

Take care,
Andrew

-
Andrew Thomas
office: +27 21 4889820
facsimile: +27 21 4889830
mobile: +27 82 7850166

"One trend that bothers me is the glorification of stupidity, that the media is reassuring people it's alright not to know anything. That to me is far more dangerous than a little pornography on the Internet." - Carl Sagan
This archive was generated by hypermail 2b30 : Thu May 24 2001 - 09:44:53 PDT