On Thursday 21 February 2002 21:36, Ronald F. Guilmette wrote:
> Consider the case of a hacker (or spammer) who wishes to attack
> some site while covering his tracks by connecting to the site
> through a _chain_ of HTTP/CONNECT proxies.

Any sane HTTP proxy setup MUST restrict the use of CONNECT to known
SSL ports only (or specific exceptions for intentional misuse of the
HTTP proxy to proxy other applications).

CONNECT SHOULD NOT be allowed to port 80.

In the case of Squid, the default configuration only allows CONNECT to
ports 443 (https) and 563 (snews).

Regards
Henrik Nordström
Received on Thu Feb 21 2002 - 14:04:16 MST
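
An added example, not part of the original message and not Squid's own code: a log check for the policy described above, flagging CONNECT requests to ports other than 443 and 563 and showing whether the proxy refused them. It assumes Squid's native access.log field order; the log lines are constructed and the function names are illustrative.

```python
# Added example: audit Squid native-format access.log lines for CONNECT
# requests to ports outside the allow-list named in the message (443, 563).
ALLOWED_CONNECT_PORTS = {443, 563}  # https, snews

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
1014327376.101    512 192.0.2.10 TCP_MISS/200 3456 CONNECT www.example.com:443 - DIRECT/203.0.113.5 -
1014327377.202     12 192.0.2.11 TCP_DENIED/403 1024 CONNECT proxy.example.net:80 - NONE/- text/html
1014327378.303   9001 192.0.2.12 TCP_MISS/200 88123 CONNECT mail.example.org:25 - DIRECT/203.0.113.9 -
1014327379.404     40 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/203.0.113.5 text/html
1014327380.505      3 192.0.2.13 TCP_MISS/200 10 CONNECT [2001:db8::1]:8080 - DIRECT/2001:db8::1 -
garbage line
"""


def parse_connect(line):
    """Return (client, host, port, result_code) for a CONNECT line, else None."""
    fields = line.split()
    # Native format: time elapsed client code/status bytes method URL ...
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    # CONNECT targets are host:port; rpartition keeps bracketed IPv6 intact.
    host, sep, port = fields[6].rpartition(":")
    if not sep or not port.isdigit():
        return None
    return fields[2], host.strip("[]"), int(port), fields[3]


def audit(log_text, allowed=ALLOWED_CONNECT_PORTS):
    """List CONNECTs to non-allowed ports as 'blocked' or 'tunnelled'."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_connect(line)
        if rec is None:
            continue
        client, host, port, result = rec
        if port in allowed:
            continue
        # TCP_DENIED means the proxy ACL refused it; anything else got through.
        verdict = "blocked" if result.startswith("TCP_DENIED") else "tunnelled"
        findings.append((verdict, client, host, port))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

Any "tunnelled" finding means the proxy's CONNECT restriction is missing or has an exception that should be reviewed.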