My firewall (Juniper SRX) caught outbound ICMP flows using vulnerable ports
before initiating outbound HTTP traffic.  I am running an updated Squid
Proxy on Ubuntu 16.04.  Can anybody explain or confirm the Squid behavior?

Oct 15 03:53:37  firewall RT_FLOW: RT_FLOW_SESSION_DENY: session
denied 10.1.1.1/1024->91.189.91.23/42518 0x0 icmp 1(8) deny vlan1
uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny

Oct 15 08:06:20  firewall RT_FLOW: RT_FLOW_SESSION_DENY: session
denied 10.1.1.1/1280->91.189.91.26/42518 0x0 icmp 1(8) deny vlan1
uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny

Oct 15 10:46:47  firewall RT_FLOW: RT_FLOW_SESSION_DENY: session
denied 10.1.1.1/1536->91.189.91.26/42518 0x0 icmp 1(8) deny vlan1
uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny


For more details and flow examples, I posted on serverfault:

https://serverfault.com/questions/879394/squid-proxy-using-vulnerable-ports
_______________________________________________
squid-users mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-users