I could use some help here. I have emerged Snort on my system here (along
with SnortSnarf) and have been watching the alerts. What is causing my
concern is that my server is being reported as a source for several
web-based attack signatures to a host of unknown destinations. I have spent
some time cleaning and rebuilding the server with no luck until I turned
off Squid.

BTW, all clients behind the Squid box were turned off to ensure the server
was the source.

I am using the latest portage ebuild Squid-2.5.11 Stable with a clean
build and I still get alerts from my box as source. Running 2.6.13-r5
kernel. I have tried Nessus to see if any unauthorized port was running
(nothing other than standard ports) and ran McAfee Linux virus scan
(nothing there either).

I did not see anything on the web that would explain an exploit such as a
worm or trojan that is based on the current Squid build.

Any advice on the next thing to look at? I am starting to wonder if it's
the Squid ebuild.

Thank you in advance,
JohnF

--
gentoo-security@g.o mailing list