[squid-users] RV: squid
Amos Jeffries
squid3 at treenet.co.nz
Fri Jun 16 11:55:33 UTC 2017
On 16/06/17 18:33, javier perez wrote:
> Hello Matus,
>
> You are right, the thing is that our clients are not going to open any other
> port than 20 and 21 for security meassures (or lazyness).
FYI: The "for security" argument is bogus because;
a) allowing any random client to determine their own arbitrary port
number(s) is strictly worse for security than having your control point
(Squid) select the port, and
b) limiting that client-selected port to 20/21 makes the data between
client and Squid go over a port which is more easily predicted and
therefore interceptable by passive attack.
Amos
More information about the squid-users
mailing list