Re: [squid-users] Subverting Squid

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 25 Jun 2002 00:56:31 +0200

CONNECT server:25 HTTP/1.0
[blank line]

You can also try

POST http://server:25/ HTTP/1.0
Content-Length: 1000
[blank line]
[some junk]

Both should be firmly denied by Squid. If not then someone has
intentionally or by mistake disabled the default anti-abuse filters, and
quite likely worse [see next test].

Finally, if the above two tests were successful (properly denied) then
make sure access controls are set properly to deny open proxying. From a
network that should not be allowed to use the proxy send

GET http://some.server/ HTTP/1.0
[blank line]

Regards
Henrik

"Ethy H. Brito" wrote:
>
> Dear Guru
>
> I searched thru the archives and found references to HTTPort. I could
> not find this piece of SW. The fact is that I am receiving complaints
> about spams coming from one of my clients. He (this client) swears that
> its Squid config was not altered. I suspect he altered CONNECT
> configuration. Question: How can I simulate a CONNECT to port 25 via a
> telnet to his squid port? What is the sequence of commands?
> If I achieve this subversion I will shut his link down!
>
> Regards
>
> --
>
> Ethy H. Brito /"\
> InterNexo Ltda. \ / CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
> +55 (12) 3941-6860 X ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
> S.J.Campos - Brasil / \
Received on Mon Jun 24 2002 - 16:55:31 MDT
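
Added example (not part of the original message, and not Squid's own code): a simplified Python model of first-match http_access evaluation, showing why the three test requests above are denied under the stock rules and which one gets through when the port filters or the source restriction are removed. The port lists follow the stock squid.conf of Squid 2.x; the our_networks ACL name, the rule-set names and all addresses are constructed for illustration.

```python
import ipaddress

# Port lists follow the stock Squid 2.x squid.conf; 25 (SMTP) is in neither set.
SAFE_PORTS = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777} | set(range(1025, 65536))
SSL_PORTS = {443, 563}
OUR_NETWORKS = ["192.168.0.0/16"]  # constructed placeholder for the permitted clients

def acl_match(name, req):
    """Return True if one ACL (optionally negated with '!') matches the request."""
    negate, name = name.startswith("!"), name.lstrip("!")
    if name == "all":
        hit = True
    elif name == "CONNECT":
        hit = req["method"] == "CONNECT"
    elif name == "Safe_ports":
        hit = req["port"] in SAFE_PORTS
    elif name == "SSL_ports":
        hit = req["port"] in SSL_PORTS
    elif name == "our_networks":
        src = ipaddress.ip_address(req["src"])
        hit = any(src in ipaddress.ip_network(n) for n in OUR_NETWORKS)
    else:
        raise ValueError("unknown ACL: " + name)
    return hit != negate

def evaluate(rules, req):
    """The first http_access line whose ACLs all match decides the request."""
    for action, *acls in rules:
        if all(acl_match(a, req) for a in acls):
            return action
    return "deny"  # model assumption; every rule list below ends in an 'all' rule

DEFAULT = [("deny", "!Safe_ports"), ("deny", "CONNECT", "!SSL_ports"),
           ("allow", "our_networks"), ("deny", "all")]
NO_FILTERS = [("allow", "our_networks"), ("deny", "all")]  # anti-abuse filters removed
OPEN_PROXY = [("deny", "!Safe_ports"), ("deny", "CONNECT", "!SSL_ports"),
              ("allow", "all")]                             # no source restriction

# The three requests from the message, as constructed request records.
CONNECT_25 = {"method": "CONNECT", "port": 25, "src": "192.168.1.10"}
POST_25 = {"method": "POST", "port": 25, "src": "192.168.1.10"}
GET_OUTSIDE = {"method": "GET", "port": 80, "src": "203.0.113.7"}

def verdicts(rules):
    """Verdicts for CONNECT :25, POST :25 and the outside GET, in that order."""
    return [evaluate(rules, r) for r in (CONNECT_25, POST_25, GET_OUTSIDE)]

if __name__ == "__main__":
    for name, rules in (("default", DEFAULT), ("no filters", NO_FILTERS), ("open", OPEN_PROXY)):
        print(name, verdicts(rules))
```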
