Re: FW: WARNING: By-passing MS Proxy packet filtering

From: Duane Wessels <>
Date: Fri, 09 Oct 1998 17:00:29 -0600

"Jordan Mendelson" writes:

>As far as I can tell, Squid is not vulnerable to this style exploit (to a
>point). I was unable to pass a ^J through an HTTP header to get something on
>it's own line (required for SMTP "." and anything else which will not allow
>Can anyone confirm this? Standard attack would look like this:
># telnet squid 3128
>helo :
>mail from:
>rcpt to:
>data :
>There is a similar gopher attack, however gopher is probably disabled on
>everyone's Squid proxy :)

Squid has this sort of hole as well. With the most recent version
you can plug it by uncommenting these lines in the default squid.conf:

        acl Safe_ports port 80 21 70 1025-65535
        http_access deny !Safe_ports

I just realized that probably prevents valid SSL ports 443 and 563

Duane W.
Received on Fri Oct 09 1998 - 16:01:28 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:24 MST