Hallo! Du (M. Yu) hast geschrieben:
>I just got on IRC and was surprised to see someone with the IP of my proxy
>server. I did a /dns and a /whois on the nickname and it returned the IP of
>my proxy server instead of another IP which would happen if what I saw was
>merely a setting on the IRC client. I found out that this was a program
>being run by someone on my network and he said that he's using my server as
>a IRC proxy. I KNOW squid is SUPPOSED TO BE just a http proxy (not even
>SOCKS). No other processes are running on my machine except for squid and
>the basic processes like mingetty, syslog, etc. To be sure I even
>transferred a new PS just in case this person was able to get into my
>machine and replaced PS to hide any processes like eggdrops or bouncers.
>Nada, I didn't find anything there. When I killed squid, the bot timed out
>from IRC. Anyone know why this is happening and how??? The only port I use
>is 3128, icp (hence 3130) is disabled. The person running this bot is a
>script kiddie and not that sophisticated so I am fairly certain he's telling
>the truth when he said he was just using a proggy he got from the Internet
>and hasn't "hacked" into my system (I don't have any shell accounts except
>for root and this account can only log in from the console). Any ideas?
I'd guess that you have an old proxy from the 1.1.x-series?
however: it is possible to (mis-)use a Squid Proxy via HTTP PUT to
connect to an IRC-Server. I don't know if there are scripts or clients
which can make this usable for 'normal' users (pointers welcome), but
with a little knowledge in irc-protociol and http-protocol you can do
it via telnet (i've tried that once.)
in the recent versions is a 'good port' definitioon and all other
ports were closed, in old versions there is a 'bad port' definition.
if you add an acl that stops outgfoing connections on port 6667 (opr
whereever the ircd is, you can stop this.
Maybe it's better to find out who is able to do this and if he mades
it himself without readymade stuff, offer him a job ;-)
Cord
-- Cord Beermann cord@Wunder-Nett.org (Privat) see how an ISP works: http://www.userfriendly.org/ -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Sat Jan 13 2001 - 06:25:58 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:27 MST