Re: [SQU] SQUID as IRC proxy???

From: Robert Collins <robert.collins@dont-contact.us>
Date: Sun, 14 Jan 2001 01:48:55 +1100

----- Original Message -----
From: "M. Yu" <myu@websprinter.net>
To: <squid-users@ircache.net>
Sent: Sunday, January 14, 2001 1:03 AM
Subject: Re: [SQU] SQUID as IRC proxy???

>
>
> > I'd guess that you have an old proxy from the 1.1.x-series?
>
> No I have 2.3STABLE4 (compiled from SRPM).
>
> > if you add an acl that stops outgfoing connections on port 6667 (opr
> > whereever the ircd is, you can stop this.
>
> I only have the following ports defined in squid.conf
>
> icp_port 0
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535

this includes port 6667
1025< 6667 < 65535.

> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> snmp_port 0
>
> There is no 6667 on it.
>
>
> Just in case I got a trojaned Squid, I got and recompiled a new Squid SRPM
> but the bot is still there (it dies when i stop squid)...any other ideas?
>

Your squid is fine, but your access controls aren't. I'd suggest tightening up your safe ports line a little, and definately look at
limiting what ips can use your squid - that or consider authenticating users.
Rob

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Sat Jan 13 2001 - 07:40:55 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:27 MST