RE: [squid-users] strange behaviour in access.log

From: Chris Robertson <crobertson@dont-contact.us>
Date: Fri, 19 Nov 2004 10:04:45 -0900

Looks to me like someone at 220.126.166.147 (owned by kornet.net) is trying
to make an "OPTIONS" request of your squid server and is being denied.

The second result in a Google search for "http options" (without quotes) is
to a page entitled "Attack Tool Kit 3.0 - HTTP OPTIONS method support
detection.plugin ...".

It seems to me you can put squid back on line and let it refuse these
requests. In addition, you can firewall incoming requests to the Squid port
such that only traffic from allowed clients is passed.

Chris

-----Original Message-----
From: BusyBoy [mailto:busyboy@gmail.com]
Sent: Friday, November 19, 2004 3:20 AM
To: squid-users@squid-cache.org
Subject: [squid-users] strange behaviour in access.log

Hello,

Can anyone tell me what this activity shows? This is the first time I
have seen this, and I am worried about what's wrong with it.

My squid-box ip is = 202.45.145.2

and I am getting hits from this 220.126.166.147

Anyway I have stopped squid on this box now and will check what's
wrong with this.

Any help will be appreciated.

1100861048.756 12 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861128.309 24 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html

1100860925.773 22 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html

1100861207.958 21 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861245.732 25 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861278.237 68 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861302.640 37 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861306.359 41 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861311.255 7 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861335.062 25 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861338.443 1 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861341.834 9 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861344.912 5 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861368.076 15 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861370.186 18 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861372.054 25 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861376.268 9 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861421.872 14 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861452.969 22 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861554.924 29 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861665.085 11 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861738.340 9 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861762.331 18 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861766.039 24 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861770.021 3 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861801.475 19 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861833.123 27 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861859.551 35 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861863.549 43 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861868.601 40 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861892.222 19 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861897.496 45 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861904.352 30 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861928.424 11 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861937.304 38 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100861984.062 101 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862030.566 71 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862101.964 11 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862203.003 37 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862365.682 16 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862506.861 1 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862641.010 38 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862818.746 20 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862874.180 15 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862930.284 13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100862963.763 6 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863000.025 18 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863026.342 19 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863029.505 17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863031.485 24 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863054.124 16 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863056.420 17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863058.546 20 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863060.795 9 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863062.240 17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863063.410 13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863087.077 17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863089.719 24 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863092.909 5 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863095.468 29 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863118.328 19 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863121.423 21 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863126.656 22 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863150.672 26 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863153.404 20 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863155.745 37 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863157.836 14 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863179.924 15 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863181.303 15 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863183.620 42 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863186.083 2 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863188.470 37 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863211.906 18 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863213.751 32 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863216.702 11 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863221.551 19 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863508.640 34 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100863738.398 25 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100864235.763 17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100864575.390 13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100864774.432 7 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100864863.286 5 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100864912.325 16 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100864966.732 5 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865004.507 13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865033.220 18 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865039.913 19 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865063.763 28 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865068.143 37 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865072.926 64 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865096.952 22 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865100.364 36 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865105.417 13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865132.219 8 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865141.918 15 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865173.918 18 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865197.378 39 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865200.758 72 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865204.525 33 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865208.911 26 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865233.247 45 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865239.154 23 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865249.127 13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865274.907 14 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865282.018 15 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865307.506 41 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865314.485 69 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865338.910 56 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865341.881 13 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865344.535 17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865347.507 9 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865370.551 28 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865373.861 28 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865794.162 27 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865795.520 35 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865796.955 17 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865798.412 36 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865799.972 23 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865801.471 30 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865841.785 24 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865845.355 20 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html
1100865851.956 7 220.126.166.147 TCP_DENIED/403 1369 OPTIONS
http://202.45.145.2/ - NONE/- text/html

-- 
Nasir Mahmood
Systems + Network Admin.
Asia Net.
Received on Fri Nov 19 2004 - 12:04:48 MST
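
The reading given in the reply (one outside client, every request an OPTIONS that Squid refuses) can be checked mechanically. The script below is an added example, not part of either message: it parses Squid's native access.log format and lists clients whose requests were all denied. It assumes one entry per line (the entries above are wrapped by the mail client); the function names, the 192.0.2.10 entry and the min_requests threshold are constructed for illustration.

```python
from collections import defaultdict

# Three entries from the post above (re-joined onto one line each) plus one
# constructed entry for an allowed client (192.0.2.10 is a documentation address).
SAMPLE_LOG = """\
1100861048.756 12 220.126.166.147 TCP_DENIED/403 1369 OPTIONS http://202.45.145.2/ - NONE/- text/html
1100861128.309 24 220.126.166.147 TCP_DENIED/403 1369 OPTIONS http://202.45.145.2/ - NONE/- text/html
1100861207.958 21 220.126.166.147 TCP_DENIED/403 1369 OPTIONS http://202.45.145.2/ - NONE/- text/html
1100861210.120 85 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.80 text/html
"""

def parse_line(line):
    """Split one native-format access.log line into named fields, or return None."""
    parts = line.split()
    if len(parts) < 10 or "/" not in parts[3]:
        return None  # truncated or mail-wrapped line; skip rather than guess
    result, _, status = parts[3].partition("/")
    try:
        return {"time": float(parts[0]), "client": parts[2], "result": result,
                "status": int(status), "method": parts[5], "url": parts[6]}
    except ValueError:
        return None

def summarize(log_text):
    """Per client: total requests, denied requests, methods, first/last timestamp."""
    stats = defaultdict(lambda: {"total": 0, "denied": 0, "methods": set(),
                                 "first": None, "last": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[rec["client"]]
        s["total"] += 1
        s["denied"] += rec["result"] == "TCP_DENIED"
        s["methods"].add(rec["method"])
        s["first"] = rec["time"] if s["first"] is None else min(s["first"], rec["time"])
        s["last"] = rec["time"] if s["last"] is None else max(s["last"], rec["time"])
    return dict(stats)

def refused_only_clients(stats, min_requests=3):
    """Clients with at least min_requests entries, every one of them denied."""
    return sorted(c for c, s in stats.items()
                  if s["total"] >= min_requests and s["denied"] == s["total"])

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for client in refused_only_clients(stats):
        s = stats[client]
        print(client, s["denied"], sorted(s["methods"]), s["last"] - s["first"])
```

A client that appears in this list never received anything from the proxy, which is the basis for the advice to leave Squid running; the same list is a starting point for the firewall rule on the Squid port.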
