<div dir="ltr"><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;vertical-align:baseline;clear:both;color:rgb(36,39,41)"><font face="arial, helvetica, sans-serif">My firewall (Juniper SRX) caught outbound ICMP flows using vulnerable ports before initiating outbound HTTP traffic.  I am running an updated Squid Proxy on Ubuntu 16.04.  Can anybody explain or confirm the Squid behavior?</font></p><pre style="margin-top:0px;margin-bottom:1em;padding:5px;border:0px;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;vertical-align:baseline;width:auto;max-height:600px;overflow:auto;word-wrap:normal"><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;vertical-align:baseline;white-space:inherit"><font face="arial, helvetica, sans-serif" color="#000000">Oct 15 03:53:37  firewall RT_FLOW: RT_FLOW_SESSION_DENY: session denied <a href="http://10.1.1.1/1024-">10.1.1.1/1024-</a>><a href="http://91.189.91.23/42518">91.189.91.23/42518</a> 0x0 icmp 1(8) deny vlan1 uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny
<br></font></code></pre><pre style="margin-top:0px;margin-bottom:1em;padding:5px;border:0px;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;vertical-align:baseline;width:auto;max-height:600px;overflow:auto;word-wrap:normal"><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;vertical-align:baseline;white-space:inherit"><font face="arial, helvetica, sans-serif" color="#000000">Oct 15 08:06:20  firewall RT_FLOW: RT_FLOW_SESSION_DENY: session denied <a href="http://10.1.1.1/1280-">10.1.1.1/1280-</a>><a href="http://91.189.91.26/42518">91.189.91.26/42518</a> 0x0 icmp 1(8) deny vlan1 uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny
<br></font></code></pre><pre style="margin-top:0px;margin-bottom:1em;padding:5px;border:0px;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;vertical-align:baseline;width:auto;max-height:600px;overflow:auto;word-wrap:normal"><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;vertical-align:baseline;white-space:inherit"><font face="arial, helvetica, sans-serif" color="#000000">Oct 15 10:46:47  firewall RT_FLOW: RT_FLOW_SESSION_DENY: session denied <a href="http://10.1.1.1/1536-">10.1.1.1/1536-</a>><a href="http://91.189.91.26/42518">91.189.91.26/42518</a> 0x0 icmp 1(8) deny vlan1 uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny</font></code></pre><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;vertical-align:baseline;clear:both;color:rgb(36,39,41)"><font face="arial, helvetica, sans-serif"><br></font></p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;vertical-align:baseline;clear:both;color:rgb(36,39,41)"><font face="arial, helvetica, sans-serif">For more details and flow examples, I posted on serverfault:</font></p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;vertical-align:baseline;clear:both;color:rgb(36,39,41)"><font face="arial, helvetica, sans-serif"><a href="https://serverfault.com/questions/879394/squid-proxy-using-vulnerable-ports">https://serverfault.com/questions/879394/squid-proxy-using-vulnerable-ports</a></font></p><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div></div></div></div></div></div></div></div>
</div>