[squid-users] Squid Behavior to Ping Destination on Registered Ports
Antony Stone
Antony.Stone at squid.open.source.it
Sat Nov 18 22:46:41 UTC 2017
On Saturday 18 November 2017 at 22:37:20, Kevin Wong wrote:
> > Date: Sat, 18 Nov 2017 22:06:31 +0000
> > From: Antony Stone <Antony.Stone at squid.open.source.it>
> > To: squid-users at lists.squid-cache.org
> > Subject: Re: [squid-users] Squid Behavior to Ping Destination on Registered Ports
> >
> > Message-ID: <201711182206.31894.Antony.Stone at squid.open.source.it>
> > Content-Type: Text/Plain; charset="iso-8859-15"
> >
> > On Saturday 18 November 2017 at 21:21:38, Kevin Wong wrote:
> > > My firewall (Juniper SRX) caught outbound ICMP flows using vulnerable
> > > ports
> >
> > That makes no sense. ICMP doesn't use port numbers.
>
> That is why I asked the list and was a follow-up question if somebody
> replied it is "normal traffic to find the path to the destination or
> proxies in between".

So what does your firewall mean by catching "outbound ICMP flows using
vulnerable ports"?

What exactly is it catching and complaining about?

> > > before initiating outbound HTTP traffic. I am running an updated Squid
> > > Proxy on Ubuntu 16.04. Can anybody explain or confirm the Squid
> > > behavior?
> >
> > What ICMP traffic are you blocking and why?
>
> Besides some basic IDS rules, I'm not blocking ICMP traffic.

Well:

    Oct 15 10:46:47 firewall RT_FLOW: RT_FLOW_SESSION_DENY: session
    denied 10.1.1.1/1536->91.189.91.26/42518 0x0 icmp 1(8) deny vlan1
    uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny

certainly looks like blocked ICMP traffic to me.

> What's being blocked are all ports

So, that means UDP and TCP (but not ICMP).

> that are not explicitly allowed outbound. In this case, ports 1024, 1280,
> and 1536 were blocked and 80/tcp, 53/udp are allowed outbound.

Where are those blocked port numbers in your firewall logs?

Antony.

--
Pavlov is in the pub enjoying a pint.
The barman rings for last orders, and Pavlov jumps up exclaiming "Damn! I
forgot to feed the dog!"
Please reply to the list;
please *don't* CC me.
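
An added example, not part of the original message or of Squid or Junos: a small Python parser for the RT_FLOW_SESSION_DENY line quoted above that reads the protocol number and ICMP type so that the two numbers after the addresses are only reported as ports when the protocol is TCP or UDP. The field layout is assumed from that one sample line, and `parse_deny` and `summarize` are hypothetical names.

```python
import re

# The log excerpt quoted in the message above, joined onto one line.
SAMPLE = ("Oct 15 10:46:47 firewall RT_FLOW: RT_FLOW_SESSION_DENY: session denied "
          "10.1.1.1/1536->91.189.91.26/42518 0x0 icmp 1(8) deny vlan1 uplink "
          "UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny")

# Assumed layout: src/num->dst/num, one hex field, service, proto(type), policy, zones.
DENY_RE = re.compile(
    r"RT_FLOW_SESSION_DENY: session denied "
    r"(?P<src>[\d.]+)/(?P<src_num>\d+)->(?P<dst>[\d.]+)/(?P<dst_num>\d+) "
    r"\S+ (?P<service>\S+) (?P<proto>\d+)\((?P<icmp_type>\d+)\) "
    r"(?P<policy>\S+) (?P<from_zone>\S+) (?P<to_zone>\S+)")

IP_PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}          # IANA protocol numbers
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}  # common ICMP types


def parse_deny(line):
    """Return a dict for a session-deny record, or None if the line does not match."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("src_num", "dst_num", "proto", "icmp_type"):
        rec[key] = int(rec[key])
    rec["proto_name"] = IP_PROTOS.get(rec["proto"], "other")
    # Only TCP and UDP carry port numbers; for ICMP the logged numbers are not ports.
    rec["numbers_are_ports"] = rec["proto"] in (6, 17)
    rec["icmp_type_name"] = (ICMP_TYPES.get(rec["icmp_type"], "other")
                             if rec["proto"] == 1 else None)
    return rec


def summarize(line):
    """One-line description that never presents ICMP numbers as ports."""
    rec = parse_deny(line)
    if rec is None:
        return "not a session-deny record"
    if rec["numbers_are_ports"]:
        return ("{proto_name} {src}:{src_num} -> {dst}:{dst_num} "
                "denied by policy {policy}").format(**rec)
    return ("{proto_name} {icmp_type_name} {src} -> {dst} denied by policy {policy} "
            "({src_num}/{dst_num} are not TCP/UDP ports)").format(**rec)


if __name__ == "__main__":
    print(summarize(SAMPLE))
```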