In article <001901c07d69$a7aaca80$04f786ca@websprinter.net>,
M. Yu <myu@websprinter.net> wrote:
>> I'd guess that you have an old proxy from the 1.1.x-series?
>
>No I have 2.3STABLE4 (compiled from SRPM).
>
>> if you add an acl that stops outgfoing connections on port 6667 (opr
>> whereever the ircd is, you can stop this.
>
>I only have the following ports defined in squid.conf
>There is no 6667 on it.
>Just in case I got a trojaned Squid, I got and recompiled a new Squid SRPM
>but the bot is still there (it dies when i stop squid)...any other ideas?
Perhaps someone outside your network is running an ircd, or an irc proxy,
on one of the allowed ports. Say port 80 or 443. The user in your
network then simply uses the CONNECT method to get a transparent
connection to outside.server.com:80.
Not much you can do about it, and pretty common.
You can try to find out from your squid logs which site this is,
and block it with an ACL - which will work until the person inside
finds another ircd or irc proxy on an 'allowed' port.
Mike.
-- The From: and Reply-To: addresses are internal news2mail gateway addresses. Reply to the list or to miquels@traveler.cistron-office.nl (Miquel van Smoorenburg) -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Sat Jan 13 2001 - 07:21:08 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:27 MST