Re: [PLUG] weird process?
Ah, I believe I see: You're saying the box is compromised in some other
way and squid is the tool they used _after_ they broke in to serve up
their mischief.
That makes sense.
Thanks,
Eric
James Barrett wrote:
> If squid were configured correctly, and there are no publicly known
> squid vulnerabilities for the version being run (and the version being
> run was compiled without any custom patches), it is probably safe to
> say that the point of unauthorized entry was not squid. Think about
> it this way, if someone discovered an unpublicized exploit and if they
> were out to do mischief, would they start by picking some gateway
> hooked up to a T1? No, they would probably pick something else with
> which they could wreak a gigantic amount of havoc.
>
> My uneducated guess is that whoever got in did so by some other means.
> They then took the opportunity to use squid to their advantage after
> the fact. Unless of course the squid being run was in fact
> vulnerable...
>
> --
> Jim
>
> On Tue, Nov 4, 2008 at 6:16 PM, Eric <eric@lucii.org> wrote:
>
>> Well, I'm not sure. Stopping squid stops the incessant network traffic
>> that saturates the T1 line but nobody is sure yet WHY.
>> The network wizards are working on it so I stay in the background
>> working on other things :-)
>> I'll post details as available - when I know them.
>>
>>
>> Eric
>>
>> George A. Theall wrote:
>>
>>> On Tue, Nov 04, 2008 at 12:55:44PM -0500, Eric wrote:
>>>
>>>
>>>
>>>> Turns out the system has been compromised (via a squid exploit we're
>>>> thinking)
>>>>
>>>>
>>> Just curious... Is this a 0-day or a known issue? Scanning through
>>> various vulnerability databases, I only see denial of service issues
>>> affecting Squid itself, at least going back through 2007.
>>>
>>> George
>>>
>>>
>> --
>> # Eric Lucas
>> #
>> # "Oh, I have slipped the surly bond of earth
>> # And danced the skies on laughter-silvered wings...
>> # -- John Gillespie Magee Jr
>>
>> ___________________________________________________________________________
>> Philadelphia Linux Users Group -- http://www.phillylinux.org
>> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
>> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
>>
>>
--
# Eric Lucas
#
# "Oh, I have slipped the surly bond of earth
# And danced the skies on laughter-silvered wings...
# -- John Gillespie Magee Jr