Re: [squid-users] Possible squid exploit?

From: Hendrik Voigtländer <hendrik@dont-contact.us>
Date: Fri, 14 May 2004 19:08:20 +0200

The user's browser talks to squid (port 3128, 8080, whatever) using HTTP.
Squid is unable to use FTP on the client side, that is, a lot of
FTP clients cannot be used with squid.
Squid connects to the FTP server on port 21 (control), and the server tells the client
a high port. Squid connects to this port for data. (PASV) If you are inside a
firewall you are most certainly using PASV. (Don't know if this is the
squid default). The file is delivered to the browser via HTTP.

Regards, Hendrik

Lizzy Dizzy wrote:

> Thanks!
>
> I saw an entry inside access log that looks like:
>
> GET ftp://site/path HTTP/1.X......
>
> So does the user browser actually send the request to port 80 or port 21?
>
> Thanks
>
>
>> From: Hendrik Voigtländer <hendrik@voigtlaenders.net>
>> To: Lizzy Dizzy <lizzy_99@hotmail.com>
>> CC: squid-users@squid-cache.org
>> Subject: Re: [squid-users] Possible squid exploit?
>> Date: Thu, 13 May 2004 21:38:35 +0200
>>
>> ftp pasv (passive mode) uses hiport-hiport connections.
>>
>> Lizzy Dizzy wrote:
>>
>>> Hi everyone!
>>>
>>> I have a network setup such that my router will only throw dest port 80 &
>>> 8080 traffic (Transparent proxy) to my squid server.
>>> Squid is listening to port 80 and 8080 only. I've got an acl that denies the
>>> CONNECT method from being used for all ports except 443.
>>>
>>> When I do a netstat I found out that:
>>>
>>> myserverip:44271 202.103.8.114:4365
>>>
>>> where 203.103.8.114 is ftp1.tvdown.com
>>>
>>> The strange thing is that I cannot see any mention of this IP or domain
>>> inside access.log.
>>>
>>> What could have caused squid to connect to that high port?
>>>
>>> Thanks
>>> Liz
>
Received on Fri May 14 2004 - 11:12:31 MDT
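
The PASV behaviour described in this thread, as an added example that is not part of the original messages: it decodes the data endpoint from an FTP 227 reply and checks whether a netstat entry from the proxy host matches it. The 227 reply below is constructed for illustration, and the function names are hypothetical.

```python
import re

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2
PASV_RE = re.compile(r"^227[ -].*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv_reply(line):
    """Return (ip, port) advertised by a 227 reply, or None if malformed."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # each field is a single byte
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]


def parse_netstat_pair(line):
    """Split 'local:port remote:port' into ((lhost, lport), (rhost, rport))."""
    local, remote = line.split()
    lhost, lport = local.rsplit(":", 1)
    rhost, rport = remote.rsplit(":", 1)
    return (lhost, int(lport)), (rhost, int(rport))


def explain_connection(netstat_line, control_replies):
    """Classify an outbound proxy connection against PASV endpoints
    seen on FTP control channels."""
    _, (rhost, rport) = parse_netstat_pair(netstat_line)
    if rport == 21:
        return "ftp-control"
    endpoints = {ep for ep in map(parse_pasv_reply, control_replies) if ep}
    if (rhost, rport) in endpoints:
        return "ftp-pasv-data"
    return "unexplained"


# netstat line as quoted in the thread
NETSTAT_LINE = "myserverip:44271 202.103.8.114:4365"
# Constructed control-channel replies (not captured from the real server)
SAMPLE_REPLIES = [
    "220 FTP server ready.",
    "227 Entering Passive Mode (202,103,8,114,17,13)",
]

if __name__ == "__main__":
    print(explain_connection(NETSTAT_LINE, SAMPLE_REPLIES))
```
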

This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT