Phishing for Open Proxies: Baby Squid Hooked In Under 18 Hours


Our unpublished squid server was up for just 17 hours and 35 minutes before an attacker tried to use it as an open proxy. The attacker's bot knocked on our door from a Korea Telecom-assigned portable IP. The idea: Use our server to call a server running ip1.cgi, which is based on Proxy Judge. This is code designed to determine the security level of web proxies.

The fact that our visitor used Proxy Judge told us little about intent. That's because both white hats and black hats use programs like Proxy Judge and ip.cgi to return the IP addresses of calling computers. Phishing for Open Proxies: Baby Squid Hooked In Under 18 Hours

Linked by shanmuga Wednesday, 25th January 2006 10:39PM