[squid-users] Squid Behavior to Ping Destination on Registered Ports

Amos Jeffries squid3 at treenet.co.nz
Sun Nov 19 02:19:00 UTC 2017


On 19/11/17 11:37, Kevin Wong wrote:
> 
> From: Antony Stone
> 
>     On Saturday 18 November 2017 at 21:21:38, Kevin Wong wrote:
> 
>      > My firewall (Juniper SRX) caught outbound ICMP flows using
>     vulnerable ports
> 
>     That makes no sense.  ICMP doesn't use port numbers.
> 
> 
> That is why I asked the list, and it was a follow-up question in case 
> somebody replied that it is "normal traffic to find the path to the 
> destination or proxies in between".
> 

Squid does use ICMP echo to determine RTT to peers and servers to select 
the fastest route. But it does not use ports; it even sets the port in the 
payload to 0 so DPI should not mistake it.



>      > before initiating outbound HTTP traffic.  I am running an updated
>     Squid
>      > Proxy on Ubuntu 16.04.  Can anybody explain or confirm the Squid
>     behavior?
> 
>     What ICMP traffic are you blocking and why?
> 
> 
> Besides some basic IDS rules, I'm not blocking ICMP traffic.  What's 
> being blocked are all ports that are not explicitly allowed outbound.  
> In this case, ports 1024, 1280, and 1536 were blocked and 80/tcp, 53/udp 
> are allowed outbound.
> 

Amos