I subscribe to the SANS Digest & Vol. 3 Num. 9 (Thu, 23 Sep 1999) has the
following warning:
sans@sans.org said:
> A high priority note from our intrusion detection program manager,
> Stephen Northcutt: Intrusion detection systems ranging from home
> computers with cable modems to high end government facilities have
> been reporting a large number of probes to TCP port 3128, the squid
> proxy service. If your site has a network monitoring capability and
> you DO NOT run squid and you detect this pattern over the next two
> weeks, please let us know by sending email to info@sans.org with
> intrusion 3128 in the subject line. If you are allowed to send the
> data trace, please sanitize any of your site's network information
> (destination host address) and send the data trace as well. Thank
> you!
> RK
SANS are at http://www.sans.org/
Anyone know anything more about this?
-- ----------------------------------------------------------------------------- | Peter Polkinghorne, Computer Centre, Brunel University, Uxbridge, UB8 3PH,| | Peter.Polkinghorne@brunel.ac.uk +44 1895 274000 x2561 UK | -----------------------------------------------------------------------------Received on Fri Sep 24 1999 - 03:29:03 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:32 MST