
Re: Squid security



That's majorly overkill when there are access controls in squid itself. Why
take a sledgehammer to break a nut?

--
ian

----- Original Message -----
From: "Rishi L Khan" <rishi@udel.edu>
To: "Chris Harrison" <ChrisHarrison@bigpond.com>
Cc: <robr@mikka.net.au>; "'Debian Security'"
<debian-security@lists.debian.org>
Sent: Tuesday, December 04, 2001 3:27 PM
Subject: RE: Squid security


> Another way to do it is to set up an automatic proxy script that tells the
> browser which port on the squid box to go to. Then you can periodically
> change the port. (Or you can just change to an obscure port and hope fewer
> people find it).
>
> -rishi
>
> On Tue, 4 Dec 2001, Chris Harrison wrote:
>
> > If the IP address was staying the same, you could easily add a reference
> > to /etc/hosts.deny.  But since you state that this is not the case it
> > will all be a little trickier.  There is no relevance as to whether the
> > IP addresses can resolve into host names or not.
> >
> > I would suggest that the best solution would be to firewall off the
> > ports that squid uses on your box from unauthorized users.  How you go
> > about this is dependent on what kernel you are using and where your
> > firewall is.  If you need squid to be accessible from the outside world,
> > you may want to consider adding authentication to squid to stop random
> > hippies using your squid/bandwidth instead.  I believe this is made
> > possible through ACLs (Access Control Lists) for the most part.  Looking
> > through /etc/squid.conf here shows me that you can make ACLs to limit
> > access to certain IPs by the time of day etc.
> > There is a setting called authenticate_program in my squid.conf file.
> > What it does is supply the authenticate program and a password list for
> > all the valid users.
> >
> >
> > -----Original Message-----
> > From: robr@mikka.net.au [mailto:robr@mikka.net.au]
> > Sent: Wednesday, 5 December 2001 12:21 PM
> > To: Debian Security
> > Subject: Squid security
> >
> > Recently, I had someone trying to browse the web from one of our servers
> > via squid.  Luckily, I didn't need squid for this machine, so I took it
> > off and emailed the hostmaster of the domain the person was doing it
> > from. Luckily the IP address was the same.  I also managed to get the
> > IP address blocked by our ISP.
> >
> > On another server, which I have squid running and want running, I keep
> > getting accesses from http://service.bfast.com/bfast/serve and someone
> > seems to be accessing web pages late at night when everyone has gone
> > home.  Trouble is, the IP addresses that access squid don't have host
> > names (i.e. they don't exist) and they keep changing.  Is there any way
> > to block access to this and is there a good FAQ, etc.
> >
> > It seems strange though, as the access is every few minutes and the
> > pages accessed have ads involved, while the first person (above) was
> > accessing squid regularly in spurts.
> >
> >
> > Thanks
> >
> > Robert..
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >
>
>
>
>
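
An added example, not part of any message in this thread: a short audit script that replays Squid access.log lines against the kind of source-address and time-of-day restrictions the thread says Squid's ACLs can enforce, and lists the requests such a policy would have refused. The LAN range, office hours and log lines are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timezone

# Assumed policy (not from the thread): LAN range and office hours, in UTC.
ALLOWED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
WORK_HOURS = range(8, 18)  # 08:00-17:59
# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1007460000.101 210 192.168.1.20 TCP_MISS/200 4312 GET http://www.debian.org/ - DIRECT/198.51.100.7 text/html
1007464500.220 180 203.0.113.77 TCP_MISS/200 911 GET http://service.bfast.com/bfast/serve - DIRECT/198.51.100.8 image/gif
1007503200.874 95 192.168.1.30 TCP_HIT/200 2048 GET http://www.debian.org/ - NONE/- text/html
1007508600.552 175 203.0.113.45 TCP_MISS/200 905 GET http://service.bfast.com/bfast/serve - DIRECT/198.51.100.8 image/gif
truncated line
1007518500.310 160 198.51.100.99 TCP_MISS/200 899 GET http://service.bfast.com/bfast/serve - DIRECT/198.51.100.8 image/gif
"""

def parse_line(line):
    """Return (when, client, url), or None for a line that does not parse."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
        client = ipaddress.ip_address(fields[2])
    except ValueError:
        return None
    return when, client, fields[6]

def audit(log_text):
    """List requests that a source + time-of-day policy would have refused."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than guessing
        when, client, url = parsed
        reasons = []
        if not any(client in net for net in ALLOWED_NETS):
            reasons.append("source")
        if when.hour not in WORK_HOURS:
            reasons.append("time")
        if reasons:
            findings.append((str(client), when.strftime("%Y-%m-%d %H:%M"), reasons, url))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```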


