[squid-users] RV: squid

Amos Jeffries squid3 at treenet.co.nz
Fri Jun 16 11:55:33 UTC 2017


On 16/06/17 18:33, javier perez wrote:
> Hello Matus,
>
> You are right, the thing is that our clients are not going to open any other
> port than 20 and 21 for security measures (or laziness).

FYI: The "for security" argument is bogus because:

a)  allowing any random client to determine their own arbitrary port 
number(s) is strictly worse for security than having your control point 
(Squid) select the port, and

b) limiting that client-selected port to 20/21 makes the data between 
client and Squid go over a port which is more easily predicted and 
therefore interceptable by passive attack.

Amos


