[Snort-users] SQUID scan proxy attempt

Wally Bedford wbedford at ...4171...
Tue Feb 24 16:03:05 EST 2004

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Fabio
Sent: Saturday, February 21, 2004 5:42 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] SQUID scan proxy attempt


I'm new to snort and i had setup a very simple test configuration. In
short, i run squid on (and apache, snort with acid and so
on...) and i have a win98( client that access the internet
via this proxy server ( Snort is detecting this access
(from to as a "SCAN squid proxy attempt". We
know it's not what's really happening. The server has no
firewall rules. The only access control is done with squid.

Could anyone give an insight about this problem?

Thanks in advance to anyone of you.

Take a look at the automatic proxy configuration in the IE properties.
If it is checked, it may be your problem.

If this is garden-variety LAN you are working with, there is not much
sense in running that rule on the inside interface.


More information about the Snort-users mailing list