[SQU] SQUID as IRC proxy???

From: M. Yu <myu@dont-contact.us>
Date: Sat, 13 Jan 2001 21:12:40 +0800

Hello all,

I just got on IRC and was surprised to see someone with the IP of my proxy
server. I did a /dns and a /whois on the nickname and it returned the IP of
my proxy server instead of another IP which would happen if what I saw was
merely a setting on the IRC client. I found out that this was a program
being run by someone on my network and he said that he's using my server as
a IRC proxy. I KNOW squid is SUPPOSED TO BE just a http proxy (not even
SOCKS). No other processes are running on my machine except for squid and
the basic processes like mingetty, syslog, etc. To be sure I even
transferred a new PS just in case this person was able to get into my
machine and replaced PS to hide any processes like eggdrops or bouncers.
Nada, I didn't find anything there. When I killed squid, the bot timed out
from IRC. Anyone know why this is happening and how??? The only port I use
is 3128, icp (hence 3130) is disabled. The person running this bot is a
script kiddie and not that sophisticated so I am fairly certain he's telling
the truth when he said he was just using a proggy he got from the Internet
and hasn't "hacked" into my system (I don't have any shell accounts except
for root and this account can only log in from the console). Any ideas?

M. Yu

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Sat Jan 13 2001 - 06:12:27 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:27 MST