LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-26-2008, 01:04 PM   #16
mrlinux2000
Member
 
Registered: Feb 2008
Posts: 144

Original Poster
Rep: Reputation: 15

may be cause in my lan there are Windows XPs ...
 
Old 02-26-2008, 05:48 PM   #17
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by mrlinux2000
when i look at squid log i see that following :

217.147.30.32 TCP_DENIED/403 1372 POST http://registrace.atlas.cz/verify.aspx - NONE/- text/htm

is this an attack and if it is how to prevent it ??

i have fedora core 3 and using squid as proxy and i have lcoal client and using nat
Based on what you've posted here, a malicious program running on one of your Windows client boxes may be a good hypothesis for now. Is the client IP address in your squid log always the same when this happens? How frequently are you seeing these entries? Is it always trying to perform a single POST operation to the same http site?

As an aside, you really need to get your infrastructure updated. Fedora Core 3 is outdated and unsupported at this stage of the game. (Fedora is up to 8, with 9 in the works as of this writing.) When you're in a potentially hostile environment you should be running an OS that receives regular security updates.
 
Old 02-27-2008, 05:38 AM   #18
mrlinux2000
Member
 
Registered: Feb 2008
Posts: 144

Original Poster
Rep: Reputation: 15
yes always the same ip and try that repeatdly
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Please do not attack me anasmich General 1 08-28-2007 11:48 AM
Possible Attack Jason72 Linux - Security 7 08-06-2007 06:55 PM
Does anyone see attack like this? fedora4002 Linux - Security 1 01-30-2007 05:04 PM
What to do during an attack? revenant Linux - Security 9 04-02-2004 12:18 AM
Help I am UNDER ATTACK... needamiracle Linux - Security 28 04-22-2003 12:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration