[squid-users] Squid Behavior to Ping Destination on Registered Ports
Kevin Wong
kevin at coretechx.com
Sat Nov 18 21:21:38 UTC 2017
My firewall (Juniper SRX) caught outbound ICMP flows using vulnerable ports
before initiating outbound HTTP traffic. I am running an updated Squid
Proxy on Ubuntu 16.04. Can anybody explain or confirm the Squid behavior?
Oct 15 03:53:37 firewall RT_FLOW: RT_FLOW_SESSION_DENY: session
denied 10.1.1.1/1024->91.189.91.23/42518 0x0 icmp 1(8) deny vlan1
uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny
Oct 15 08:06:20 firewall RT_FLOW: RT_FLOW_SESSION_DENY: session
denied 10.1.1.1/1280->91.189.91.26/42518 0x0 icmp 1(8) deny vlan1
uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny
Oct 15 10:46:47 firewall RT_FLOW: RT_FLOW_SESSION_DENY: session
denied 10.1.1.1/1536->91.189.91.26/42518 0x0 icmp 1(8) deny vlan1
uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny
For more details and flow examples, I posted on serverfault:
https://serverfault.com/questions/879394/squid-proxy-using-vulnerable-ports
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171118/72bfe332/attachment.html>
More information about the squid-users
mailing list