My firewall (Juniper SRX) caught outbound ICMP flows using vulnerable ports before initiating outbound HTTP traffic. I am running an updated Squid Proxy on Ubuntu 16.04. Can anybody explain or confirm the Squid behavior?
Oct 15 03:53:37 firewall RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.1.1.1/1024->91.189.91.23/42518 0x0 icmp 1(8) deny vlan1 uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny
Oct 15 08:06:20 firewall RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.1.1.1/1280->91.189.91.26/42518 0x0 icmp 1(8) deny vlan1 uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny
Oct 15 10:46:47 firewall RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.1.1.1/1536->91.189.91.26/42518 0x0 icmp 1(8) deny vlan1 uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny
For more details and flow examples, I posted on serverfault:
https://serverfault.com/questions/879394/squid-proxy-using-vulnerable-ports
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
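
A triage sketch for the deny records quoted in the message above, added here as an example and not part of the original post, Squid, or Junos: it parses each RT_FLOW_SESSION_DENY line and marks whether the logged IP protocol has ports at all (ICMP, protocol 1, does not). The field names and layout are assumptions inferred from the three quoted lines.

```python
import re
from collections import Counter

# The three deny records quoted in the post above.
SAMPLE = """\
Oct 15 03:53:37 firewall RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.1.1.1/1024->91.189.91.23/42518 0x0 icmp 1(8) deny vlan1 uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny
Oct 15 08:06:20 firewall RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.1.1.1/1280->91.189.91.26/42518 0x0 icmp 1(8) deny vlan1 uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny
Oct 15 10:46:47 firewall RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.1.1.1/1536->91.189.91.26/42518 0x0 icmp 1(8) deny vlan1 uplink UNKNOWN UNKNOWN N/A(N/A) irb.420 UNKNOWN policy deny
"""

# Assumed layout, read off the quoted lines (not an official Junos schema):
# src/field->dst/field, flags, service name, protocol number(argument),
# policy name, source zone, destination zone.
DENY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) RT_FLOW: RT_FLOW_SESSION_DENY: "
    r"session denied (?P<src>[\d.]+)/(?P<src_field>\d+)->(?P<dst>[\d.]+)/(?P<dst_field>\d+) "
    r"\S+ (?P<service>\S+) (?P<proto_num>\d+)\((?P<proto_arg>\d+)\) "
    r"(?P<policy>\S+) (?P<from_zone>\S+) (?P<to_zone>\S+)"
)

# IP protocols that actually carry port numbers: TCP, UDP, SCTP.
PORT_PROTOCOLS = {6, 17, 132}


def parse_denies(text):
    """Return one dict per RT_FLOW_SESSION_DENY line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = DENY_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["proto_num"] = int(rec["proto_num"])
        # For ICMP (protocol 1) the two "/number" fields cannot be TCP/UDP ports.
        rec["has_ports"] = rec["proto_num"] in PORT_PROTOCOLS
        records.append(rec)
    return records


def summarize(records):
    """Count denies per (source, destination, service, has_ports)."""
    return Counter((r["src"], r["dst"], r["service"], r["has_ports"]) for r in records)


if __name__ == "__main__":
    for key, count in summarize(parse_denies(SAMPLE)).items():
        print(count, key)
```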