[squid-users] My Squid Under Attack - Help with info please.

From: Cliff <cliff@dont-contact.us>
Date: Sun, 22 Dec 2002 20:01:21 -0900

Squid 2.4STABLE6 on RH7.3

What exploit is happening?

IP addresses attacking me:
209.189.55.195 to 205. (10 consecutive addresses)

They are hitting port 3128.
They are causing my RH Box to send
A LOT of traffic to all kinds of places
with names that include mx...hotmail...yahoo mail...etc.

I assume some spammer is exploiting port 3128
to cause me to relay spam for them? I killed
sendmail but the spamming continued.

I can kill squid, which stops me from being
a spam conduit. I prefer not to kill squid.

So I put in a firewall rule to deny everything
from 209.189.55.x when going to my external
port 3128.

This seems to have blocked it however I am still
currently under attack from the miscreant.

The attack was going on for 4 hours before I stopped it.
I suppose that for 4 hours the spammer pumped lots
of spam through my box???

It is still going on, though thank goodness I put
in the firewall rule and stopped it.

Any links to exploits and information are much appreciated.
I wonder how long this spammer is gonna keep on trying
to pump spam through my port 3128?

Thx gurus.
Received on Sun Dec 22 2002 - 22:01:25 MST
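
One way to check from Squid's own access.log whether the proxy actually served mail connections for outside clients, as an added example that is not part of the original post. It assumes the relaying shows up as requests to SMTP port 25 (typically CONNECT) and that 192.168.1.0/24 is the only network the proxy should serve; the log lines are constructed and use documentation addresses.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the only network this Squid is meant to serve.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
SMTP_PORT = 25

# Constructed sample in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1040619681.101    532 203.0.113.195 TCP_MISS/200 1523 CONNECT mx1.mail.example:25 - DIRECT/198.51.100.10 -
1040619681.480    611 203.0.113.196 TCP_MISS/200 1498 CONNECT mx2.mail.example:25 - DIRECT/198.51.100.11 -
1040619682.002     87 192.168.1.20 TCP_MISS/200 8812 GET http://www.example.org/ - DIRECT/198.51.100.80 text/html
1040619682.950    540 203.0.113.195 TCP_MISS/200 1510 CONNECT mx1.mail.example:25 - DIRECT/198.51.100.10 -
1040619683.300    120 192.168.1.21 TCP_MISS/200 4096 CONNECT shop.example.org:443 - DIRECT/198.51.100.81 -
1040619684.010      3 203.0.113.197 TCP_DENIED/403 1050 CONNECT mx1.mail.example:25 - NONE/- -
"""

def target_port(method, url):
    """Destination port of a request, or None if it cannot be determined."""
    try:
        if method == "CONNECT":  # CONNECT targets are bare host:port
            return int(url.rsplit(":", 1)[1])
        return urlsplit(url).port or 80
    except (IndexError, ValueError):
        return None

def scan(log_text):
    """Count SMTP-port requests from non-local clients, split into those
    Squid served (relayed) and those it refused (denied)."""
    relayed, denied = Counter(), Counter()
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue  # truncated line
        client, action, method, url = f[2], f[3], f[5], f[6]
        try:
            external = ipaddress.ip_address(client) not in LOCAL_NET
        except ValueError:
            continue  # client logged as a hostname, not an address
        if external and target_port(method, url) == SMTP_PORT:
            bucket = denied if action.startswith("TCP_DENIED") else relayed
            bucket[client] += 1
    return relayed, denied

if __name__ == "__main__":
    relayed, denied = scan(SAMPLE_LOG)
    print("relayed:", dict(relayed), "refused:", dict(denied))
```

Any client in `relayed` had mail connections served by the proxy; clients that appear only in `denied` were refused by Squid's own access rules.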
