Re: [squid-users] Squid attack?

From: chuck.amadi <[email protected]>
Date: Sat, 24 Feb 2007 09:45:23 +0000

Hi

The best thing to have done is tighten up what sockets are listening if
you have socklist utility
run # socklist this should show tcp/udp sockets that are listening and
thus open.

Thus any sockets that are listening investigate what there are and why
you need them.
Run some tools like nikto, nessus and nmap and harden your box.
Before you commissioned your squid cache box this lot should have been done.
Thus you will know what services is open to the general populace.

Cheers

Henrik Nordstrom wrote:

>lör 2007-02-24 klockan 08:28 +0100 skrev Henrik Nordstrom:
>
>
>
>>To diagnose after you have made changes somehow stopping the abuse then
>>checking all logs in detail is the only available, or maybe tcpdump
>>looking for users still trying to access the service and from that
>>derive how they gained access in the first place..
>>
>>
>
>One educated guess: Maybe the port dansguardian is listening on is
>accessible from the outside.
>
>Regards
>Henrik
>
>
Received on Sat Feb 24 2007 - 02:45:31 MST

This archive was generated by hypermail pre-2.1.9 : Thu Mar 01 2007 - 12:00:01 MST