Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: "Brian G. Peterson" <brian@...>
Subject: Re: Snort alert with Squid ?
Date: Sun, 6 Nov 2005 11:21:50 -0600
On Sunday 06 November 2005 10:03 am, aa6qn@... wrote:
> I could use some help here. I have emerged Snort on my system here (along
> with SnortSnarf) and have been watching the alerts. What is causing my
> concern it that my server is being reported as a source for serveral web
> based attack signatures to a host of unknown destinations. I have spent
> some time cleaning and rebuilding the server with no luck until I turned
> off Squid.

Could you please paste in copies of the warnings/alerts;log entries you are 
seeing?  

Also, have you done a packet capture manually on that port to see what is 
going on?

It is about equally likely that snort is giving you a false positive as it is 
that anything is wrong with squid...

Regards,

  - Brian
-- 
gentoo-security@g.o mailing list


Replies:
Re: Snort alert with Squid ?
-- aa6qn
Re: Snort alert with Squid ?
-- xyon
References:
Snort alert with Squid ?
-- aa6qn
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Snort alert with Squid ?
Next by thread:
Re: Snort alert with Squid ?
Previous by date:
Snort alert with Squid ?
Next by date:
Re: SSH probes


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.