Home page logo

bugtraq logo Bugtraq mailing list archives

Re: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint firewall]
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Thu, 21 Feb 2002 13:26:51 +1300

On Tue, Feb 19, 2002 at 02:19:50PM -0800, Steve VanDevender wrote:
It's not just Checkpoint Firewall that has a problem with HTTP CONNECT.
From what I can tell default installations of the CacheFlow web proxy
software, some Squid installations, some Apache installations with
proxying enabled, and some other web proxy installations I haven't
identified allow anyone to use the HTTP CONNECT method.  This is being
used more and more often to relay spam.  This is a boon for spammers

The authors of Squid sorted that problem out YEARS ago. The default ACLs
within Squid state:

acl SSL_ports port 443 563
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

i.e. you can only use the CONNECT proxy option for ports 443 and 563.

I'm amazed this isn't the default in other products...

This is a really old problem...


Jason Haar

Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]