Hello,

I used Nessus to check my Squid proxy. I started the scan in the internal network. Nessus showed me the following vulnerabilities:

- The proxy, allows everyone to perform requests against arbitrary ports, like 'GET http://cvs.nessus.org:110'.
- The proxy allows the users to perform CONNECT requests like CONNECT http://cvs.nessus.org:23
- It was possible to make IIS use 100% of the CPU by sending it malformed extension data in the URL requested, preventing him to serve web pages to legitimate clients.
- The misconfigured proxy accepts requests coming from anywhere. This allows attackers to gain some anonymity when browsing some sensitive sites using your proxy, making the remote sites think that the requests come from your network.
- The misconfigured proxy accepts requests coming from anywhere. This allows attackers to gain some anonymity when browsing some sensitive sites using your proxy, making the remote sites think that the requests come from your network.
- Information found on port unknown (3128/tcp) The remote web server type is : Squid/2.2.STABLE5 We recommend that you configure your web server to return bogus versions, so that it makes the cracker job more difficult

What can I do? I'm running the SuSE_firewall script and I didn't set any ports in FW_SERVICES_EXTERNAL_TCP. In my opinion nobody from the internet should be able to use my proxy - is that right? And why does Nessus show me information about an IIS? Finally, how can I return bogus information to hide my Squid version?

Thanks for replies,
Mario
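
The arbitrary-port, CONNECT and "requests coming from anywhere" findings are all governed by Squid's `http_access` rules. The fragment below is an added example, not part of the original post: a squid.conf access-control section with the permissive rule shown beside a restricted set. The `localnet` name and the 192.168.1.0/255.255.255.0 range are assumptions to be replaced with the real internal network.

```conf
# Added example, not from the original post.

# Permissive form that leads to the "accepts requests coming from anywhere"
# finding (left commented out):
#   http_access allow all

acl all src 0.0.0.0/0.0.0.0

# Assumption: the internal network is 192.168.1.0/24.
acl localnet src 192.168.1.0/255.255.255.0

# Ports the proxy may be asked to reach.
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT

# http_access lines are checked top to bottom and the first match decides.

# Refuses requests such as GET http://host:110/ (110 is not in Safe_ports).
http_access deny !Safe_ports

# Refuses CONNECT to anything but the SSL ports, e.g. CONNECT host:23.
http_access deny CONNECT !SSL_ports

# Only internal clients may use the proxy; everything else is denied.
http_access allow localnet
http_access deny all
```

After changing the rules, reload Squid and repeat the scan from both inside and outside the network to confirm the findings are gone.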