On May 23, 12:33pm, Squid Support (Henrik Nordstrom) wrote:
> Bryan Ragon wrote:
>
> > You obviously know more about http proxies & methods that I: Is allowing
> > the CONNECT method to only a specific host at a specific IP a security
> > hole, or does it take a more "open" set of acl's to create a security
> > breach? How could this be abused? I'm sure there's a way, I just want
> > to make sure I cover all my bases.
>
> Not if done correctly.
>
> Problem is that many don't and simply remove the restrictions on CONNECT,
> and then become surprised to find that there is other applications abusing
> CONNECT to connect to various strange services on the Internet.
>
> A very common abuse of CONNECT is to use a open HTTP proxy to send SMTP spam
> with a false originator address.
Quite. A method of checking for this vulnerability (if you've got a host
available that the machine should not proxy for) can be via using the
programs available at http://www.dsbl.org and/or
http://www.blitzed.org/bopm.
-Allen
-- Allen Smith http://cesario.rutgers.edu/easmith/ September 11, 2001 A Day That Shall Live In Infamy II "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin FranklinReceived on Thu May 23 2002 - 10:50:38 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:12 MST