They could open just a range of 5 dinamic ports and monitor them intensively... > Hello Matus, > > You are right, the thing is that our clients are not going to open any > other port than 20 and 21 for security meassures (or lazyness). FYI: The "for security" argument is bogus because; a) allowing any random client to determine their own arbitrary port number(s) is strictly worse for security than having your control point (Squid) select the port, and b) limiting that client-selected port to 20/21 makes the data between client and Squid go over a port which is more easily predicted and therefore interceptable by passive attack. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
