[squid-users] Proxy Security Issue

From: Kent, Mr. John <[email protected]>
Date: Tue, 29 Jan 2002 10:16:52 -0800

Greetings,

This may be old news to most, and it may have been discussed heavily in
documentation and FAQs, never-the-less I got caught, and am sharing my
error with the rest of the Squid community.

I had set

httpd_accel_with_proxy to on

We were then used as a redirect to pornographic sites by someone in China.

Setting the above to off stopped the abuse.

From my security officer "Clever proxy tricks are one of the hottest current
topics in the BlackHat
community. The reason being if they can do reconnaissance or even attacks
via a proxy, their true source IP is obfuscated.
In the past, when they decide to attack, it had to be from a system they
were
willing to give up because the attack would be traced back and the
compromise
of the attacking system will be revealed. All this proxy stuff is intended
to conserve their "resources"...

John Kent
Webmaster
Naval Research Laboratory
Monterey, California
Received on Tue Jan 29 2002 - 11:17:19 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:59 MST