Gentoo Archives: gentoo-security

From: "Brian G. Peterson" <brian@×××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Snort alert with Squid ?
Date: Sun, 06 Nov 2005 17:28:22
Message-Id: 200511061121.51020.brian@braverock.com
In Reply to: [gentoo-security] Snort alert with Squid ? by aa6qn@aa6qn.sytes.net

On Sunday 06 November 2005 10:03 am, aa6qn@×××××××××××.net wrote:
> I could use some help here. I have emerged Snort on my system here (along
> with SnortSnarf) and have been watching the alerts. What is causing my
> concern is that my server is being reported as a source for several web
> based attack signatures to a host of unknown destinations. I have spent
> some time cleaning and rebuilding the server with no luck until I turned
> off Squid.

Could you please paste in copies of the warnings/alerts/log entries you are seeing?

Also, have you done a packet capture manually on that port to see what is going on?

It is about equally likely that snort is giving you a false positive as it is that anything is wrong with squid...

Regards,

- Brian
--
gentoo-security@g.o mailing list

Replies

Subject Author
[gentoo-security] Re: Snort alert with Squid ? aa6qn@×××××××××××.net
Re: [gentoo-security] Snort alert with Squid ? xyon <xyon@×××××××××××.com>