[squid-users] RV: squid
javier perez
javier.perez at accelya.com
Fri Jun 16 11:57:43 UTC 2017
They could open just a range of 5 dynamic ports and monitor them
intensively...
> Hello Matus,
>
> You are right, the thing is that our clients are not going to open any
> other port than 20 and 21 for security measures (or laziness).
FYI: The "for security" argument is bogus because:
a) allowing any random client to determine their own arbitrary port
number(s) is strictly worse for security than having your control point
(Squid) select the port, and
b) limiting that client-selected port to 20/21 makes the data between client
and Squid go over a port which is more easily predicted and therefore
interceptable by passive attack.
Amos