Re: [squid-users] mIRC

From: Joe Cooper <[email protected]>
Date: Wed, 27 Feb 2002 06:52:57 -0600

It's not a security hole for Squid. ;-)

But you're quite right, it serves no purpose to proxy IRC through
Squid--unless he has an overly aggressive or poorly configured firewall
to get around, and would rather change Squid than the firewall. As you
may know, though, many folks mistakenly believe that sending everything
through a 'proxy' (no matter what kind of proxy) is somehow inherently
more secure than a correctly firewalled and segmented network...It just
isn't worth it to argue--a proxy and an insanely tight firewall /will/
provide a pretty good level of security, if at the expense of a lot of
hassle and broken apps that a nicely configured firewall and segmenting
will not cause. I suppose some off-the-shelf firewalls don't have the
capabilities required to achieve a real level of security without a full
lockdown of all except a few proxied ports...

Simon White wrote:

> There's no point running mIRC through Squid, there is no recurrent data to
> cache and it doesn't use the HTTP protocol.
>
> If you're concerned about security, running through a proxy is not going to
> help. mIRC is a huge security hole and better left blocked on a security
> conscious network, or at least allowed direct from a limited number of
> machines.
>
> My opinion.
>
> Simon
>
> On 27-Feb-02 at 06:35, Joe Cooper's inspired musing was thus :
>
>>Yeah, and? The error tells you what is happening (access control is
>>denying the CONNECT request). Do a search for CONNECT in your
>>squid.conf file--the reason for this message will probably become apparent.
>>
>>(Hint: 6668 is not among SSL_ports...but it could be if you wanted it to
>>be.)
>>
>>shadha wrote:
>>
>>
>>>Hello all,
>>>
>>>While try use mIRC thro squid , i'll get following error in access log.
>>>what they mean?plz help me asap.how to overcome this....
>>>
>>>1014812550.304 16 172.16.1.59 TCP_DENIED/403 981 CONNECT
>>>irc.asiatalk.org:6668 - NONE/- -
>>>1014812562.305 1 172.16.1.59 TCP_DENIED/403 981 CONNECT
>>>irc.asiatalk.org:6667 - NONE/- -
>>>1014812565.359 1 172.16.1.59 TCP_DENIED/403 981 CONNECT
>>>irc.asiatalk.org:6668 - NONE/- -
>>>
>>>Thanks and Regards,
>>>-shadha
>>>
>>
>>--
>>Joe Cooper <joe@swelltech.com>
>>http://www.swelltech.com
>>Web Caching Appliances and Support
>>
>

-- 
Joe Cooper <joe@swelltech.com>
http://www.swelltech.com
Web Caching Appliances and Support
Received on Wed Feb 27 2002 - 05:53:45 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:33 MST