Re: [NTSEC] By-passing MS Proxy 2.0 and others packet filtering

From: Kevin Way (kevin@RESEARCH-INC.COM)
Date: Wed Oct 14 1998 - 10:46:00 PDT

Next message: Allen Myers - Verio Consulting Group: "Re: Annoying Solaris/CDE/NIS+ bug"

Previous message: klindsay: "Secure Locate v1.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Very untrue. Look at this:
> [hardbeat@haarlem hardbeat]$ telnet proxy 8080
> Trying 194.178.232.18...
> Connected to rotterdam.vuurwerk.nl.
> Escape character is '^]'.
> POST http://telnet:23/ HTTP/1.0
>
this seems to me to just be a poorly configured proxy server.  the
following acl's take care of that problem nicely, on squid anyway.

acl SSL_ports port 443 563
acl Safe_ports port 80 21 70 1025-5999 6011-65535
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports

this would seem to me a simple, and proper way to stop that problem nicely
with squid.

Kevin Way
System Administrator
ReSearch Inc.

Next message: Allen Myers - Verio Consulting Group: "Re: Annoying Solaris/CDE/NIS+ bug"
Previous message: klindsay: "Secure Locate v1.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:43 PDT