[21377] in bugtraq


Re: Tunnel ports allowed on NetApp NetCaches

daemon@ATHENA.MIT.EDU (Adrian Chadd)
Fri Jul 6 14:50:35 2001

Date: Fri, 6 Jul 2001 13:52:09 +0800
From: Adrian Chadd <adrian@creative.net.au>
To: "Kevin O'Brien" <kevino@eonline.com>
Cc: "'bugtraq@securityfocus.com'" <bugtraq@securityfocus.com>
Message-ID: <20010706135209.G39113@ewok.creative.net.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <450A452751F25C4BA4E2228A5186D71606C5E516@LA_EXCHANGE.eentertainment.com>; from kevino@eonline.com on Thu, Jul 05, 2001 at 11:54:09AM -0700

On Thu, Jul 05, 2001, Kevin O'Brien wrote:

[snip]

> If you have +all you will want to look through your logs for anything using
> the CONNECT method instead of GET to see what ports outside people connected
> to.  Fortunately, we only saw ports 443 and 25 to hosts outside our network.
> 
> BTW, I contacted NetApp on Friday about this and they are still trying to
> write a Field Alert to their customers...and I thought M$ was slow.

This has been a known problem in the squid camp for
a long time now. I believe the ircache caches had HTTP CONNECT
disabled for this exact reason.

In fact, the squid default configuration denies HTTP CONNECT
to target ports other than 443/563.




Adrian

-- 
Adrian Chadd			Yeah, for me its (XML) like the movie Titanic.
<adrian@creative.net.au>	  Everybody loves it.
				    I want to be different, so I hate it.
					--Duane Wessels
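
Added example, not part of the original message or of Squid/NetCache code: one way to do the log review suggested above, listing CONNECT requests whose target port falls outside the 443/563 set that Squid's default configuration allows. It assumes Squid's native access.log layout; the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Ports the message says Squid's default configuration allows for CONNECT.
ALLOWED_CONNECT_PORTS = {443, 563}

# Constructed sample, Squid native access.log layout (a NetCache log may differ).
SAMPLE_LOG = """\
994398729.101    210 192.0.2.10 TCP_MISS/200 4512 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html
994398730.552   1804 192.0.2.11 TCP_MISS/200 3920 CONNECT shop.example.com:443 - DIRECT/198.51.100.8 -
994398731.007  60012 203.0.113.5 TCP_MISS/200 18233 CONNECT mail.example.net:25 - DIRECT/198.51.100.9 -
994398733.410     12 203.0.113.5 TCP_DENIED/403 1050 CONNECT 198.51.100.20:23 - NONE/- text/html
994398734.918    950 192.0.2.12 TCP_MISS/200 2210 CONNECT [2001:db8::5]:6667 - DIRECT/2001:db8::5 -
"""

LINE_RE = re.compile(
    r"^\s*\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+[A-Z_]+/(?P<status>\d{3})\s+\d+\s+"
    r"(?P<method>[A-Z]+)\s+(?P<target>\S+)"
)
# CONNECT targets are authority-form: host:port, with IPv6 literals in brackets.
TARGET_RE = re.compile(r"^(?P<host>\[[^\]]+\]|[^:\s]+):(?P<port>\d{1,5})$")


def find_tunnels(log_text, allowed=ALLOWED_CONNECT_PORTS):
    """Return CONNECT requests to ports outside `allowed`.

    `tunnelled` is True when the proxy answered 2xx, i.e. the tunnel was opened.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue
        t = TARGET_RE.match(m["target"])
        if not t or int(t["port"]) in allowed:
            continue
        hits.append({
            "client": m["client"],
            "host": t["host"].strip("[]"),
            "port": int(t["port"]),
            "tunnelled": m["status"].startswith("2"),
        })
    return hits


def ports_reached(hits):
    """Count tunnels that were actually established, keyed by destination port."""
    return Counter(h["port"] for h in hits if h["tunnelled"])


if __name__ == "__main__":
    print(*find_tunnels(SAMPLE_LOG), sep="\n")
```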
