[24363] in bugtraq


Re: UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint firewall]

daemon@ATHENA.MIT.EDU (Jason Haar)
Thu Feb 21 17:57:18 2002

Date: Thu, 21 Feb 2002 13:26:51 +1300
From: Jason Haar <Jason.Haar@trimble.co.nz>
To: bugtraq@securityfocus.com
Message-ID: <20020221002651.GA22120@trimble.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <15474.53126.412930.207302@hexadecimal.uoregon.edu>

On Tue, Feb 19, 2002 at 02:19:50PM -0800, Steve VanDevender wrote:
> It's not just Checkpoint Firewall that has a problem with HTTP CONNECT.
> From what I can tell default installations of the CacheFlow web proxy
> software, some Squid installations, some Apache installations with
> proxying enabled, and some other web proxy installations I haven't
> identified allow anyone to use the HTTP CONNECT method.  This is being
> used more and more often to relay spam.  This is a boon for spammers

The authors of Squid sorted that problem out YEARS ago. The default ACLs
within Squid state:

acl SSL_ports port 443 563
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

i.e. you can only use the CONNECT proxy option for ports 443 and 563.

I'm amazed this isn't the default in other products...

This is a really old problem...

-- 
Cheers

Jason Haar

Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
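As an added example (not part of the mail above), here is a small Python evaluator of the Squid http_access semantics Jason quotes, run against constructed CONNECT and GET requests. The `acl CONNECT method CONNECT`, `acl all src` and trailing `http_access allow all` lines are assumptions standing in for the rest of a stock Squid config of that era; only the two `SSL_ports` lines are from the mail.

```python
"""Evaluate Squid-style http_access rules for sample requests (added example)."""
from collections import namedtuple

# Constructed config: the Squid defaults quoted in the mail plus the
# surrounding lines (CONNECT method ACL, "all", final allow) assumed here.
SQUID_CONF = """
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow all
"""

Request = namedtuple("Request", "method port")


def parse(conf):
    """Return (acls, rules): acls maps name -> (type, values); rules keep file order."""
    acls, rules = {}, []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        words = line.split()
        if words[0] == "acl":
            acls[words[1]] = (words[2], words[3:])
        elif words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules


def acl_matches(acls, name, req):
    kind, values = acls[name]
    if kind == "port":
        return str(req.port) in values
    if kind == "method":
        return req.method.upper() in (v.upper() for v in values)
    if kind == "src":
        return True  # client address not modelled here; "all" matches every client
    raise ValueError(f"unsupported acl type {kind}")


def http_access(conf, req):
    """Squid semantics: the first http_access line whose ACL terms all match decides;
    a leading '!' negates a term; if no line matches, the opposite of the last
    line's action applies. Returns True when the request is allowed."""
    acls, rules = parse(conf)
    for action, terms in rules:
        if all(acl_matches(acls, t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action == "allow"
    return rules[-1][0] != "allow" if rules else False
```

With this config a CONNECT to port 25 is refused while CONNECT to 443 or 563 and ordinary GET requests pass, which is exactly the relay-blocking behaviour the default ACLs give.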
