[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Standard Qube 3 Proxy Server Susceptible to Spammers?
- Subject: Re: [cobalt-security] Standard Qube 3 Proxy Server Susceptible to Spammers?
- From: Harald Kapper <hk@xxxxxxxxxx>
- Date: Mon, 21 Oct 2002 21:16:28 +0200
- Organization: kapper.net
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Mon, 21 Oct 2002 13:23:46 -0400, you wrote:
>I assume numerous Qube 3s use the Cobalt standard proxy configuration
>and therefore are spammer targets. While this "abuse" might not be a
>security issue, I believe providing firewall rules or some other fix
>would be an appropriate Cobalt response. Qube owners who fail to detect
>the abuse quickly might find their domain blacklisted as sources of
>spam.
o contraire!
of course it is a _big_ security issue. anyone can connect to the squid
running on port 3128. now anyone knowing a bit about http-proxy-protocol
(or having a handy script-tool to do this) can issue DIRECT-connects.
while these connects were developed for https, they can be used (and are
mostly abused) for eg. smtp-connects and therefore issuing spam.
of course one can also start scanning the internal network behind the
firewall - the cube.
having said this - we all know that cobalt/sun can do it right,
as their cache-raqs show there are ways to do proper squid-rules and
to provide a web-interface for these things.
but on the qube3-side this was either plain ignored or simply forgotten.
hth
hk