On 16/06/17 18:33, javier perez wrote:
Hello Matus,
You are right, the thing is that our clients are not going to open any other
port than 20 and 21 for security meassures (or lazyness).
FYI: The "for security" argument is bogus because;
a) allowing any random client to determine their own arbitrary port
number(s) is strictly worse for security than having your control point
(Squid) select the port, and
b) limiting that client-selected port to 20/21 makes the data between
client and Squid go over a port which is more easily predicted and
therefore interceptable by passive attack.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
