Hi,
> Recently there was posted a notice on squid-users mailing list, which
> mentioned that squid allows to connect to some remote machine port and
> "talk" to it in interactive mode. Here I was playing with squid 1.1.2 and
> found this pretty interesting. (code attached). There's some problem with
> telnet connections when we "connect" using this method (since it "chats"
> with remote party apriory) but other services (like sendmail) go just
> fine. (I guess this might be used by spammers pretty wide for hiding their
> identity etc). Anyways interesting possibility (maybe nothing new
> actually).
I think, this exploit is not as critical as one may think at the first
time, because access to a given proxy is usually limited to the local
clients. So remote clients are usually forbidden to use the caching
service
Secondly, the access to dangerous services can be easily denied by the
cache if you use appropriate access control lists. It may be reasonable
to use these ACLs as a default configuration in the squid distribution.
(By default squid denies connection to the echo, discard and chargen
ports). The only thing a cache administrator has to do, is to add some
ports to the existing Dangerous_ports acl in the squid.conf file.
For example (I added telnet, smtp, pop-2, pop-3 and imap).
acl Dangerous_ports port 7 9 19 23 25 109 110 143
Cheers,
Bertold
Received on Mon Jul 13 1998 - 23:58:55 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:41:06 MST