Fwd: [squid-users] Problem with cache poisoning

From: <mortbox@dont-contact.us>
Date: Sat, 31 Jan 2004 20:50:14 -0500

i've asked to be removed countless times. here's another message that
i didn't want. it's really not that hard to remove somebody is it...

This is a forwarded message
From: Henrik Nordstrom <hno@squid-cache.org>
To: Hans-Christian Prytz <hans-christian.prytz@ft.dep.no>
Date: Thursday, January 29, 2004, 6:27:49 AM
Subject: [squid-users] Problem with cache poisoning

===8<==============Original message text===============
On Thu, 29 Jan 2004, Hans-Christian Prytz wrote:

> Henrik Nordstrom <hno@squid-cache.org> writes:
>
> > Exacly what traffic is in the dagbaldet_2702.dmp trace? This looks very
> > odd and the originator of this connection (132.150.0.76:65361) seems to be
> > completely lost.
>
> Exactly. For some reason it's keeping a connection open and requesting a
> different site. I have no idea why, but I think this is the core of the problem.

To be precise it looks like this Trend proxy enters tunnel mode on the
connection, forwarding whatever it receives exacly as received (and most
likely withotu scanning it). Tunnel mode is used by some to hide proxy
problems by forwarding traffic a proxy can not deal with without actually
looking at what is forwarded, but fails miserably if the client is another
proxy not in tunnel mode such as a Squid proxy.

If this is the case then you should be able to work around this Trend HTTP
proxy bug by disabling server-side persistent connections in your Squid
configuration.

Regards
Henrik

===8<===========End of original message text===========

-- 
Best regards,
 mortbox                            mailto:mortbox@gamebox.net
Received on Sat Jan 31 2004 - 19:41:59 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:11 MST