Re: [squid-users] Possible squid exploit?

From: Lizzy Dizzy <lizzy_99@dont-contact.us>
Date: Fri, 14 May 2004 10:12:52 +0000

Thanks!

I saw an entry inside access log that looks like:

GET ftp://site/path HTTP/1.X......

So does the user brower actually sends the request to port 80 or port 21?

Thanks

>From: Hendrik Voigtländer <hendrik@voigtlaenders.net>
>To: Lizzy Dizzy <lizzy_99@hotmail.com>
>CC: squid-users@squid-cache.org
>Subject: Re: [squid-users] Possible squid exploit?
>Date: Thu, 13 May 2004 21:38:35 +0200
>
>ftp pasv (passive mode) uses hiport-hiport connections.
>
>Lizzy Dizzy wrote:
>
>>Hi everyone!
>>
>>I have a network setup such that my router will only throw dest port 80 &
>>8080 traffic (Transparent proxy) to my squid server.
>>Squid is listening to port 80 and 8080 only. I've got an acl that deny the
>>CONNECT method for being used for all ports except 443.
>>
>>When I do a netstat I found out that:
>>
>>myserverip:44271 202.103.8.114:4365
>>
>>where 203.103.8.114 is ftp1.tvdown.com
>>
>>The strange thing is that I cannot see any mention of this IP or domain
>>inside access.log.
>>
>>What could have cause squid to connect to that high port?
>>
>>Thanks
>>Liz
>>
>>_________________________________________________________________
>>Find love on MSN Personals http://personals.msn.com.sg/

_________________________________________________________________
Keep track of Singapore & Malaysia stock prices.
http://www.msn.com.sg/money/
Received on Fri May 14 2004 - 04:12:54 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT