LinuxQuestions.org
Old 07-11-2005, 05:45 PM   #1
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
open squid proxy


My ISP emailed me saying that people are accessing an open proxy on my network and are using it to send mass spam. How do I lock down my squid proxy so that internet users cannot use my proxy server? I am using SuSE 9.3 to run my squid proxy. I'm not sure if SuSE handles its security differently than iptables (SuSEfirewall2?).

My proxy server is sitting behind a hardware router with NAT and all of the logs on my router look fine. Very few incoming and outgoing connections. Basically it's set up like:

DSL -> Router -> Squid Proxy/Gateway -> LAN

Any incoming connections to my proxy should be picked up by my router's logs, right? Is it possible my ISP is making a mistake?

Last edited by msound; 07-11-2005 at 06:23 PM.
 
Old 07-11-2005, 06:50 PM   #2
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Debian, Android
Posts: 1,819

Rep: Reputation: 46
First and most importantly, get it off the Internet until you get it fixed. Second, look in your squid.conf for the following entry

# TAG: http_port
# Usage: port
# hostname:port
# 1.2.3.4:port
#
# The socket addresses where Squid will listen for HTTP client
# requests. You may specify multiple socket addresses.
# There are three forms: port alone, hostname with port, and
# IP address with port. If you specify a hostname or IP
# address, then Squid binds the socket to that specific
# address. This replaces the old 'tcp_incoming_address'
# option. Most likely, you do not need to bind to a specific
# address, so you can use the port number alone.
#
# The default port number is 3128.
#
# If you are running Squid in accelerator mode, then you
# probably want to listen on port 80 also, or instead.
#
# The -a command line option will override the *first* port
# number listed here. That option will NOT override an IP
# address, however.
#
# You may specify multiple socket addresses on multiple lines.
#
# If you run Squid on a dual-homed machine with an internal
# and an external interface then we recommend you to specify the
# internal address:port in http_port. This way Squid will only be
# visible on the internal address.
#
#Default:
# http_port 3128

Change the 3128 above to <yourinternalip>:3128

Squid by default listens to all interfaces. This is horrible for security. Set it to listen only on your internal ip, so that requests cannot originate from the web. Install sarg or squint to get a good look at who is using your squid proxy and for what.


Second, check your firewall. Go here for starters and run ShieldsUp

http://grc.com

Do a scan for common ports and see if your port 3128 is open. If so, your firewall needs serious work..

Also, if they are using you to send spam, it is likely not squid that is the problem. You may have a mail server like Postfix, Exim, or Sendmail listening on your external interface as well. If you are not trying to run a mail server, for god's sake, shut them off.. Your ISP is being nice, I have seen several people have their connections cut off with very little notice because of this. If you don't have a mail server running, look to your Windows boxes. They may have trojan spam servers installed.

Last edited by Pcghost; 07-11-2005 at 06:55 PM.
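
An added example, not part of the original thread: a small Python check for the http_port advice in the post above. It reads squid.conf text and classifies each active http_port line by what it binds to; the sample config, function names and verdict labels are constructed for illustration, and treating "#" anywhere on a line as a comment start is a simplifying assumption.

```python
import ipaddress

# RFC 1918 ranges, treated here as "internal" addresses (assumption for this check).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample squid.conf lines, not taken from the thread.
SAMPLE = """\
# constructed sample squid.conf lines
http_port 3128
http_port 192.168.1.1:3128
http_port 0.0.0.0:8080
http_port 203.0.113.5:3128
#http_port 8000
http_port proxy.lan:3128
"""

def classify(spec):
    """Classify one http_port argument: port, hostname:port or ip:port."""
    if spec.isdigit():
        return "ALL_INTERFACES"          # bare port: Squid listens on every interface
    host = spec.rpartition(":")[0].strip("[]")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "HOSTNAME"                # resolve it and check the address by hand
    if ip.is_unspecified:
        return "ALL_INTERFACES"          # 0.0.0.0 or :: is the same as a bare port
    if ip.is_loopback or any(ip in net for net in RFC1918):
        return "INTERNAL"
    return "PUBLIC"

def audit_http_ports(conf_text):
    """Return (line_no, argument, verdict) for every uncommented http_port line."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "http_port":
            findings.append((line_no, fields[1], classify(fields[1])))
    return findings

def exposed(conf_text):
    """Line numbers whose http_port is reachable on a non-internal address."""
    return [n for n, _, v in audit_http_ports(conf_text)
            if v in ("ALL_INTERFACES", "PUBLIC")]

if __name__ == "__main__":
    for finding in audit_http_ports(SAMPLE):
        print(*finding)
```

To run it against a real file, pass the contents of squid.conf to audit_http_ports() instead of SAMPLE.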
 
Old 07-11-2005, 07:12 PM   #3
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Original Poster
Rep: Reputation: 30
false alarm!

I called my ISP and they said that the incident happened on Friday at 12:36PM. That was the time we were servicing a laptop that had been infected with some kind of virus that was launching a DoS attack on another server. We immediately disconnected the laptop's network connection and removed the virus so it was a very isolated incident.

Everything's fine now though and my ISP assured me that our broadband service would not be suspended ::sigh of relief::

Last edited by msound; 07-11-2005 at 07:23 PM.
 
  

