RE: Squid security

To: Chris Harrison <ChrisHarrison@Bigpond.com>
Cc: <robr@mikka.net.au>, "'Debian Security'" <debian-security@lists.debian.org>
Subject: RE: Squid security
From: Rishi L Khan <rishi@UDel.Edu>
Date: Tue, 4 Dec 2001 10:27:19 -0500 (EST)
Message-id: <[🔎] Pine.SOL.4.31.0112041026090.7292-100000@copland.udel.edu>
In-reply-to: <[🔎] 01b001c17cc5$0c520d30$0d00a8c0@blackwin>

Another way to do it is setup an automatic proxy script that tells the
browser which port on the squid box to go to. Then you can periodically
change the port. (Or you can just change to an obscure port and hope less
people find it).

		-rishi

On Tue, 4 Dec 2001, Chris Harrison wrote:

> If the IP address was staying the same, you could easily add a reference
> to /etc/hosts.deny  But since you state that this is not the case it
> will all be a little trickier.  There is no relevance as to whether the
> IP addresses can resolve into host names or not.
>
> I would suggest that the best solution would be to firewall off the
> ports that squid uses on your box from unauthorized users.  How you go
> about this is dependent on what kernel you are using and where your
> firewall is.  If you need squid to be accessible from the outside world,
> you may want to consider adding authentication to squid to stop random
> hippies using your squid/bandwidth instead.  I believe this is made
> possible through ACL (Access control Lists) in the most part.  Looking
> through /etc/squid.conf here shows me that you can make ACL's to limit
> access to certain IP's by the time of day etc.
> There is a setting called authenticate_program in my squid.conf file.
> What it does is supply the authenticate program and a password list for
> all the valid users.
>
>
> -----Original Message-----
> From: robr@mikka.net.au [mailto:robr@mikka.net.au]
> Sent: Wednesday, 5 December 2001 12:21 PM
> To: Debian Security
> Subject: Squid security
>
> Recently, I had someone trying to browse the web from one of our servers
> via squid.  Luckily, I didn't need squid for this machine, so I took it
> off and emailed the hostmaster of the domain the person was doing it
> from..luckily the IP address was the same.  i also managed to get the
> IP address blocked by our ISP.
>
> On another server, which I have squid running and want running, I keep
> getting accesses from http://service.bfast.com/bfast/serve and someone
> seems to be accessing web pages late at night when everyone has gone
> home.  Trouble is, the IP addresses that access squid don't have host
> names (ie. they don't exist) and they keep changing.  Is there any way
> to block access to this and is there a good FAQ, etc.
>
> It seems strange though, as the access is every few minutes and the
> pages accessed have ads involved,while the first person (above) was
> accessing squid regularly in spurts.
>
>
> Thanks
>
> Robert..
>
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

Follow-Ups:
- Re: Squid security
  - From: "Ian McDonald" <iam@st-andrews.ac.uk>

References:
- RE: Squid security
  - From: "Chris Harrison" <ChrisHarrison@Bigpond.com>

Prev by Date: Re: apache - bots
Next by Date: Re: Re: Squid security
Previous by thread: RE: Squid security
Next by thread: Re: Squid security
Index(es):
- Date
- Thread