[Snort-users] SQUID scan proxy attempt
wbedford at ...4171...
Tue Feb 24 16:03:05 EST 2004
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Fabio
Sent: Saturday, February 21, 2004 5:42 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] SQUID scan proxy attempt
I'm new to snort and i had setup a very simple test configuration. In
short, i run squid on 192.168.0.1 (and apache, snort with acid and so
on...) and i have a win98(192.168.0.2) client that access the internet
via this proxy server (192.168.0.1). Snort is detecting this access
(from 192.168.0.2 to 192.168.0.1) as a "SCAN squid proxy attempt". We
know it's not what's really happening. The server 192.168.0.1 has no
firewall rules. The only access control is done with squid.
Could anyone give an insight about this problem?
Thanks in advance to anyone of you.
Take a look at the automatic proxy configuration in the IE properties.
If it is checked, it may be your problem.
If this is garden-variety LAN you are working with, there is not much
sense in running that rule on the inside interface.
More information about the Snort-users