Quote:
Originally Posted by mrlinux2000
when i look at squid log i see that following :
217.147.30.32 TCP_DENIED/403 1372 POST http://registrace.atlas.cz/verify.aspx - NONE/- text/htm
is this an attack and if it is how to prevent it ??
i have fedora core 3 and using squid as proxy and i have lcoal client and using nat
|
Based on what you've posted here, a malicious program running on one of your Windows client boxes may be a good hypothesis for now. Is the
client IP address in your squid log always the same when this happens? How frequently are you seeing these entries? Is it always trying to perform a single POST operation to the same http site?
As an aside, you really need to get your infrastructure updated. Fedora Core 3 is outdated and unsupported at this stage of the game. (Fedora is up to 8, with 9 in the works as of this writing.) When you're in a potentially hostile environment you should be running an OS that receives regular security updates.