James Barrett on 4 Nov 2008 16:48:52 -0800



Re: [PLUG] weird process?


If squid were configured correctly, and there are no publicly known
squid vulnerabilities for the version being run (and the version being
run was compiled without any custom patches), it is probably safe to
say that the point of unauthorized entry was not squid.  Think about
it this way: if someone discovered an unpublicized exploit and if they
were out to do mischief, would they start by picking some gateway
hooked up to a T1?  No, they would probably pick something else with
which they could wreak a gigantic amount of havoc.

My uneducated guess is that whoever got in did so by some other means.
 They then took the opportunity to use squid to their advantage after
the fact.  Unless of course the squid being run was in fact
vulnerable...

--
Jim

On Tue, Nov 4, 2008 at 6:16 PM, Eric <eric@lucii.org> wrote:
> Well, I'm not sure.  Stopping squid stops the incessant network traffic
> that saturates the T1 line but nobody is sure yet WHY.
> The network wizards are working on it so I stay in the background
> working on other things :-)
> I'll post details as available - when I know them.
>
>
> Eric
>
> George A. Theall wrote:
>> On Tue, Nov 04, 2008 at 12:55:44PM -0500, Eric wrote:
>>
>>
>>> Turns out the system has been compromised (via a squid exploit we're
>>> thinking)
>>>
>>
>> Just curious...  Is this a 0-day or a known issue? Scanning through
>> various vulnerability databases, I only see denial of service issues
>> affecting Squid itself, at least going back through 2007.
>>
>> George
>>
>
> --
> #  Eric Lucas
> #
> #                "Oh, I have slipped the surly bond of earth
> #                 And danced the skies on laughter-silvered wings...
> #                                        -- John Gillespie Magee Jr
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>