Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: aa6qn@...
Subject: Snort alert with Squid ?
Date: Sun, 6 Nov 2005 08:03:35 -0800 (PST)
I could use some help here. I have emerged Snort on my system here (along
with SnortSnarf) and have been watching the alerts. What is causing my
concern it that my server is being reported as a source for serveral web
based attack signatures to a host of unknown destinations. I have spent
some time cleaning and rebuilding the server with no luck until I turned
off Squid.

BTW, all clients behind the squid box were turned off to insure the server
was the source.

I am using the latest portage ebuild Squid-2.5.11 Stable with a clean
build and I still get alerts from my box as source. Running 2.6.13-r5
kerel. I have tried Nessus to see if any un-authorized port was running
(nothing other than standard ports) and ran McAfee linux virus scan
(nothing there either).

I did not see anything on the web that would explain an exploit such as a
worm or trojan that is based on the current Squid build.

Any advise on the next thing to look at? I am starting to wonder if its
the squid ebuild.

Thank you in advance,
JohnF

-- 
gentoo-security@g.o mailing list


Replies:
Re: Snort alert with Squid ?
-- Brian G. Peterson
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: [gentoo-security] SSH probes
Next by thread:
Re: Snort alert with Squid ?
Previous by date:
Re: SSH probes
Next by date:
Re: Snort alert with Squid ?


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.