On Mon, 15 Feb 2010 09:19:40 -0800, Andy Litzinger <Andy.Litzinger@xxxxxxxxxxxxxxx> wrote:

> Does the HTCP port have to be open towards the attacker or can the
> attacker exploit the bug through a squid listening port? i.e. If I have a
> firewall in front of squid (reverse proxy) that only allows port 80/443 in
> from the web and HTCP is bound to some other port, am I at risk from
> attackers outside my firewall?

As long as the attacker can get a packet into the HTCP listener port they can crash Squid.

NP: that differs from the http_port.

A firewall that prevents external access to the HTCP port drops the severity. But it might still be exploited by internal machines, so it is still vulnerable.

Also note, Squid passes these messages on _unchanged_ to its peers regardless of its own handling, so making one gateway Squid immune does not protect those behind it.

Amos
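An added configuration check, not part of Amos's reply or of the Squid project, that audits a squid.conf for the exposure discussed above: an htcp_port with no source-restricting htcp_access rules, plus the cache_peer entries that would receive forwarded HTCP and so need the same hardening. The two sample configs and their addresses are constructed for illustration.

```python
"""Audit a squid.conf for an HTCP listener that is not access-restricted."""
from typing import Dict, List

# Constructed sample configs (not from any real deployment).
# Weak: the HTCP UDP port is open and no htcp_access rules limit who may send.
WEAK_CONF = """
http_port 80 accel
htcp_port 4827
cache_peer 10.0.0.5 parent 3128 4827 htcp
"""

# Hardened: only the named peer addresses may send HTCP; everything else is denied.
HARDENED_CONF = """
http_port 80 accel
htcp_port 4827
acl htcp_peers src 10.0.0.5/32 10.0.0.6/32
htcp_access allow htcp_peers
htcp_access deny all
cache_peer 10.0.0.5 parent 3128 4827 htcp
"""


def parse_directives(conf: str) -> List[List[str]]:
    """Return each non-blank, non-comment line as a list of tokens."""
    out = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            out.append(line.split())
    return out


def audit_htcp(conf: str) -> Dict[str, object]:
    """Flag an explicitly configured htcp_port whose htcp_access does not
    restrict senders to source addresses and end in 'deny all'.
    Assumption: only an explicit, non-zero htcp_port counts as listening;
    the built-in default varies between Squid versions."""
    d = parse_directives(conf)
    ports = [t[1] for t in d if t[0] == "htcp_port" and t[1] != "0"]
    access = [t[1:] for t in d if t[0] == "htcp_access"]
    acls = {t[1]: t[2:] for t in d if t[0] == "acl"}          # name -> [type, values...]
    peers = [t[1] for t in d if t[0] == "cache_peer" and "htcp" in t[5:]]
    findings = []
    if ports:
        if not access:
            findings.append("htcp_port open with no htcp_access rules: any host that "
                            "can reach the UDP port can send HTCP")
        else:
            if access[-1][:1] != ["deny"] or access[-1][-1] != "all":
                findings.append("htcp_access list does not end in 'deny all'")
            for rule in access:
                for name in (rule[1:] if rule[0] == "allow" else []):
                    if name == "all" or acls.get(name, ["?"])[0] != "src":
                        findings.append(f"htcp_access allows '{name}', which is not a "
                                        "source-address restriction")
    return {"htcp_ports": ports, "htcp_peers": peers, "findings": findings}
```

Peers listed under `htcp_peers` receive the gateway's HTCP traffic unchanged, so each should pass the same audit rather than relying on the gateway's firewall.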