[dundee] Customer PC...switch on and why SQUID is so useful

Robert Ladyman it at file-away.co.uk
Fri Mar 20 14:54:58 UTC 2009


Switch on the customer's problem pc, tailing the squid log. First thing it 
tries to do is get a whole load of information from the default gateway, which 
all seem to be vulnerabilities. For instance...

/cgi-bin/webcm DSL-504T Remote access without password bug

This is why squid is soooo useful...not to mention that none of the exploits 
worked because of an intermediate linux firewall. Ho ho. What a naughty 
trojan, though.

==> /var/log/squid/access.log <==
   GET http://192.168./setup.htm - DIRECT/192.168.33.1 text/html
   GET http://192.168./st_device.html - DIRECT/192.168.33.1 text/html
   GET http://192.168./SysInfo.htm - DIRECT/192.168.33.1 text/html   
   GET http://192.168./Status.htm - DIRECT/192.168.33.1 text/html    
   GET http://192.168./setup.cgi? - DIRECT/192.168.33.1 text/html    
   GET http://192.168./con_wel.htm - DIRECT/192.168.33.1 text/html   
   GET http://192.168./ - DIRECT/192.168.33.1 text/html              
   GET http://192.168./BAS_ether_h.htm - DIRECT/192.168.33.1 text/html
   GET http://192.168./index.asp - DIRECT/192.168.33.1 text/html      
   GET http://192.168./index.php - DIRECT/192.168.33.1 text/html      
   GET http://192.168./SetupDHCP.htm - DIRECT/192.168.33.1 text/html  
   GET http://192.168./login.htm - DIRECT/192.168.33.1 text/html      
   GET http://192.168./ - DIRECT/192.168.33.1 text/html               
   GET http://192.168./cgi-bin/webcm? - DIRECT/192.168.33.1 text/html 
   GET http://192.168./hpppoe.htm - DIRECT/192.168.33.1 text/html     
   GET http://192.168./advance/ad-admin-system.htm - DIRECT/192.168.33.1 text/html
   GET http://192.168./install.asp - DIRECT/192.168.33.1 text/html                
   GET http://192.168./hwizard.htm - DIRECT/192.168.33.1 text/html                
   GET http://192.168./ - DIRECT/192.168.33.1 text/html                           
   GET http://192.168./help_Main.htm - DIRECT/192.168.33.1 text/html              
   GET http://192.168./st_devic.html - DIRECT/192.168.33.1 text/html              
   GET http://192.168./status.stm - DIRECT/192.168.33.1 text/html                 
   GET http://192.168./status.asp - DIRECT/192.168.33.1 text/html                 
   GET http://192.168./cgi-bin/webcm? - DIRECT/192.168.33.1 text/html             
   GET http://192.168./start.htm - DIRECT/192.168.33.1 text/html                                          


  GET http://192.168./Home/h_wizard.php - DIRECT/192.168.33.1 text/html
  GET http://192.168./index.html - DIRECT/192.168.33.1 text/html       
  GET http://192.168./ - DIRECT/192.168.33.1 text/html                 
  GET http://192.168./install.asp - DIRECT/192.168.33.1 text/html
  GET http://192.168./hwizard.htm - DIRECT/192.168.33.1 text/html
  GET http://192.168./ - DIRECT/192.168.33.1 text/html           
  GET http://192.168./help_Main.htm - DIRECT/192.168.33.1 text/html
  GET http://192.168./st_devic.html - DIRECT/192.168.33.1 text/html
  GET http://192.168./status.stm - DIRECT/192.168.33.1 text/html   
  GET http://192.168./status.asp - DIRECT/192.168.33.1 text/html     
  GET http://192.168./cgi-bin/webcm? - DIRECT/192.168.33.1 text/html 
  GET http://192.168./start.htm - DIRECT/192.168.33.1 text/html    


-- 

Robert Ladyman
File-Away Limited, 32 Church Street, Newtyle
Perthshire, PH12 8TZ SCOTLAND
Registered in Scotland, Company Number SC222086
Tel: +44 (0) 1828 898 158
Mobile: +44 (0) 7732 771 649
http://www.file-away.co.uk
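
The pattern in the log above (one client requesting many different router admin pages on the gateway in quick succession) can be flagged automatically. The following is an added example, not part of the original post: it assumes squid's native access.log format, and the thresholds, client and gateway addresses, timestamps and status codes in the sample are constructed.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

def parse_line(line):
    """Parse a native-format squid access.log line; None if malformed."""
    f = line.split()
    try:
        url = urlsplit(f[6])
        return float(f[0]), f[2], url.hostname or "", url.path or "/"
    except (IndexError, ValueError):
        return None

def is_private_ip(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # a hostname, not an IP literal
        return False

def find_gateway_probers(lines, min_paths=5, window=60.0):
    """Map (client, target) -> paths for clients that requested at least
    min_paths distinct paths on one private-address host within window seconds."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_private_ip(rec[2]):
            hits[(rec[1], rec[2])].append((rec[0], rec[3]))
    flagged = {}
    for key, reqs in hits.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:
                start += 1  # slide the window forward
            paths = {p for _, p in reqs[start:end + 1]}
            if len(paths) >= min_paths:
                flagged[key] = sorted(paths)
                break
    return flagged

# Constructed sample: addresses, timestamps and status codes are made up;
# the paths are ones seen in the log above.
def _line(ts, client, path):
    return f"{ts:.3f} 12 {client} TCP_MISS/404 310 GET http://10.0.0.1{path} - DIRECT/10.0.0.1 text/html"
PATHS = ["/setup.htm", "/cgi-bin/webcm?", "/SysInfo.htm", "/Status.htm", "/login.htm", "/index.asp"]
SAMPLE = [_line(1000 + i, "10.0.0.23", p) for i, p in enumerate(PATHS)]             # burst
SAMPLE += [_line(1000 + 120 * i, "10.0.0.40", p) for i, p in enumerate(PATHS[:5])]  # slow

if __name__ == "__main__":
    for (client, target), paths in find_gateway_probers(SAMPLE).items():
        print(client, "probed", target, paths)
```

Only the burst client is reported with the default 60-second window; widening the window also catches the slow one.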
