On Mon, 21 Oct 2002 13:23:46 -0400, you wrote: >I assume numerous Qube 3s use the Cobalt standard proxy configuration >and therefore are spammer targets. While this "abuse" might not be a >security issue, I believe providing firewall rules or some other fix >would be an appropriate Cobalt response. Qube owners who fail to detect >the abuse quickly might find their domain blacklisted as sources of >spam.
o contraire! of course it is a _big_ security issue. anyone can connect to the squid running on port 3128. now anyone knowing a bit about http-proxy-protocol (or having a handy script-tool to do this) can issue DIRECT-connects. while these connects were developed for https, they can be used (and are mostly abused) for eg. smtp-connects and therefore issuing spam. of course one can also start scanning the internal network behind the firewall - the cube. having said this - we all know that cobalt/sun can do it right, as their cache-raqs show there are ways to do proper squid-rules and to provide a web-interface for these things. but on the qube3-side this was either plain ignored or simply forgotten. hth hk _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
