Thanks for the link, it helped me to secure our proxy server a bit more.
Though I think the risk was not that high: squid was actually listening on port 3128 of all interfaces, but there were no risky "http_access allow" rules before the "http_access deny CONNECT !SSL_ports" rule.
Besides, my own firewall script monitors TCP SYN packets sent from any illegal IP address to any trojan ports (including port 3128, too) of our firewall, and denies and logs the sender's IP address within a minute upon just one single attempt.
(FreeBSD's ipfw firewall has such a clean syntax, and it is so easy to add or delete firewall rules on the fly, that I was tempted to write my own portscan detection script, which works fine.)
Checking the logs of the script, to my surprise, I found no connection attempts to port 3128 ever since the script has been in operation (more than a year), though there were many connection attempts to ports 80 and 8080 (where nothing listens here).
As for the SOCKS proxy server: we have none.
Last edited by J_Szucs; 09-23-2004 at 02:20 AM.
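The post's point is that no "http_access allow" rule came before "http_access deny CONNECT !SSL_ports". As an added example (not the poster's or Squid's own code), the following Python models Squid's first-match http_access evaluation over two constructed configs: one where a permissive allow precedes the CONNECT deny, and one with the safe ordering. The ACL names, networks and request values are assumptions for illustration.

```python
import ipaddress

# Constructed sample configs (not from the original post): same ACLs, two orderings.
ACLS = """
acl localnet src 192.168.1.0/24
acl SSL_ports port 443
acl CONNECT method CONNECT
"""
# Weak: a blanket allow is evaluated before the CONNECT restriction, so the deny never fires.
WEAK = ACLS + """
http_access allow all
http_access deny CONNECT !SSL_ports
"""
# Fixed: deny non-SSL CONNECT first, then allow only the local network.
FIXED = ACLS + """
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
"""

def parse(conf):
    """Return ({acl_name: (type, values)}, [(action, [terms])]) from squid.conf-style text."""
    acls, rules = {}, []
    for line in conf.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "acl":
            acls[parts[1]] = (parts[2], parts[3:])
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    if name == "all":
        return True
    kind, values = acls[name]
    if kind == "src":
        return any(ipaddress.ip_address(req["src"]) in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        return str(req["port"]) in values
    if kind == "method":
        return req["method"] in values
    raise ValueError("unsupported acl type: " + kind)

def decide(conf, req):
    """First rule whose every term matches wins; '!' negates a term.
    If nothing matches, Squid applies the opposite of the last rule's action."""
    acls, rules = parse(conf)
    for action, terms in rules:
        if all(acl_matches(acls, t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"
```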