<plugin_id>34</plugin_id>
<plugin_name>Squid proxy port tcp/3128 detection</plugin_name>
<plugin_family>Firewalls</plugin_family>
<plugin_created_date>2003/11/14</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/17</plugin_updated_date>
<plugin_version>1.5</plugin_version>
<plugin_changelog>Optimized the GET request and trigger in version 1.3. Corrected the plugin structure and added the accuracy values in 1.4. Changed the comment in 1.5</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>3128</plugin_port>
<plugin_procedure_detection>open|send GET http://www.computec.ch HTTP/1.0\nProxy-Connection: Keep-Alive\n\n|sleep|close|pattern_exists *HTTP/1.[0-1] 200 * OR *HTTP/1.[0-1] 50[2-3] *</plugin_procedure_detection>
<plugin_detection_accuracy>80</plugin_detection_accuracy>
<plugin_comment>See also ATK plugin 196 for a more generous version of this plugin.</plugin_comment>
<bug_affected>Squid proxy server listening on default port tcp/3128</bug_affected>
<bug_not_affected>Proxy servers bind to another port</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>Port tcp/3128 is the default port for Squid proxy servers. If an attacker can connect to the port, start an HTTP request and get an HTTP reply, he can be very sure that there is a web proxy available.</bug_description>
<bug_solution>Reconfigure the remote Squid proxy so that it only accepts requests coming from inside your network.</bug_solution>
<bug_fixing_time>20 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>Medium</bug_severity>
<bug_popularity>10</bug_popularity>
<bug_simplicity>8</bug_simplicity>
<bug_impact>7</bug_impact>
<bug_risk>7</bug_risk>
<bug_nessus_risk>Low/Medium</bug_nessus_risk>
<bug_check_tool>Nessus is able to do the same check.</bug_check_tool>
<source_nessus_id>10195</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.computec.ch</source_misc>