
Port 3128 (Squid Proxy)


Quick Info

Port Number: 3128
Protocol: TCP
Service: Squid Proxy
IANA Name: Squid Proxy

Service Description

TCP port 3128 is commonly associated with the Squid proxy server. Squid is a caching and forwarding HTTP web proxy. It accelerates serving web resources by caching repeatedly requested content, reducing bandwidth consumption and improving response times, especially for clients with limited internet access or in high-latency environments.

At a technical level, when a client configured to use a Squid proxy requests a resource, the request is first sent to the Squid server on port 3128. Squid then checks its cache for the requested resource. If the resource is found and considered valid (not expired), Squid serves it directly from the cache. If the resource is not in the cache or has expired, Squid fetches it from the origin server, caches a copy, and then delivers it to the client.

Squid also supports various protocols, including HTTP, HTTPS (via tunneling), and FTP. It can be configured to perform access control, authentication, and content filtering, making it a versatile tool for network administrators.

The history of port 3128's association with Squid is rooted in its early adoption as a common, well-known port for proxy services. While not officially registered with IANA, its widespread use in Squid configurations has solidified its association. The default configuration of Squid often utilizes port 3128, making it a de facto standard. The protocol used is primarily HTTP or HTTPS (tunneled via CONNECT method) between the client and the proxy, and then standard HTTP/HTTPS between the proxy and the origin server. Squid also supports various authentication methods like Basic, Digest, NTLM, and Kerberos for controlling access to the proxy server.

## Firewall Recommendations

If you are running a Squid proxy server or a similar service, it is crucial to implement strict access control measures. Block incoming connections to port 3128 from any source IP address except for those clients that are explicitly authorized to use the proxy. Implement strong authentication mechanisms to prevent unauthorized access. Keep the proxy software up-to-date with the latest security patches to mitigate known vulnerabilities. Consider using SSL/TLS encryption between the client and the proxy to protect sensitive data in transit. Regularly review and audit the proxy server's configuration and logs to identify and address any potential security issues. If you are not running a proxy server, block incoming connections to port 3128 to prevent unauthorized access attempts. Outbound connections to port 3128 should also be monitored and restricted unless explicitly required for legitimate purposes.
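One way to check a `squid.conf` for the access-control mistakes described above, as an added example that is not part of the original page or of Squid: it walks `http_access` rules in first-match order and flags allow rules that are not tied to a bounded `src` or `proxy_auth` ACL. The function names, finding codes and both sample configurations are constructed for illustration.

```python
import ipaddress

def _unbounded(value):
    """True when a src ACL value matches every client address."""
    try:
        return value == "all" or ipaddress.ip_network(value, strict=False).prefixlen == 0
    except ValueError:
        return False  # address ranges or file includes: treated as bounded

def audit_squid_conf(text):
    """Return findings for open-relay risks in squid.conf text."""
    acls = {"all": ("src", ["all"])}  # Squid's built-in ACL
    rules, findings = [], []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))

    def restricts_clients(name):  # a negated "!name" never counts
        kind, values = acls.get(name, ("", []))
        bounded = bool(values) and not any(_unbounded(v) for v in values)
        return kind == "proxy_auth" or (kind == "src" and bounded)

    for action, names in rules:  # http_access is first-match, top to bottom
        if action == "deny" and names == ["all"]:
            break  # rules after an unconditional deny are unreachable
        if action == "allow" and not any(restricts_clients(n) for n in names):
            findings.append("OPEN_ALLOW: " + " ".join(names))
    # With no matching rule, Squid applies the opposite of the last rule's action.
    if rules and rules[-1][0] == "deny" and rules[-1][1] != ["all"]:
        findings.append("IMPLICIT_ALLOW: last rule is a conditional deny")
    return findings

# Constructed sample configurations; auth_param lines are omitted for brevity.
WEAK = """acl Safe_ports port 80 443
http_access allow all
http_access deny !Safe_ports"""
HARDENED = """acl localnet src 10.0.0.0/24
acl Safe_ports port 80 443
acl authed proxy_auth REQUIRED
http_access deny !Safe_ports
http_access allow localnet authed
http_access deny all"""

if __name__ == "__main__":
    print("weak:", audit_squid_conf(WEAK))
    print("hardened:", audit_squid_conf(HARDENED))
```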

Security Information

Port 3128, when used by a proxy server like Squid, can be a significant security risk if not properly configured and secured. An open, unauthenticated proxy allows anyone on the internet to relay traffic through the server, potentially masking their origin and engaging in malicious activities. This can lead to the proxy server being blacklisted and potentially used in distributed denial-of-service (DDoS) attacks, spam campaigns, or other illegal activities. Attackers may also attempt to exploit vulnerabilities in the proxy software itself to gain unauthorized access to the server or the network it resides on. Improperly configured access control lists (ACLs), weak authentication mechanisms, and outdated software versions are common attack vectors. Furthermore, attackers might exploit the proxy to bypass security controls and access internal resources that would otherwise be inaccessible. The proxy server can also become a target for data interception, as all traffic passing through it is visible to the server. Lack of SSL/TLS encryption between the client and the proxy, or between the proxy and the origin server, can expose sensitive data to eavesdropping.
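Log review for the open-relay behaviour described above, as an added example that is not part of the original page: it reads Squid's native `access.log` format and reports clients that were served from outside the authorized networks or that opened CONNECT tunnels to ports other than 443. The authorized network, the permitted port set, the function name and the log lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/24")]  # assumption: authorized clients
TUNNEL_PORTS = {443}                                   # assumption: permitted CONNECT ports

def find_relay_abuse(log_lines, allowed=ALLOWED_NETS, ports=TUNNEL_PORTS):
    """Return {client_ip: sorted reasons} from Squid native access.log lines."""
    hits = defaultdict(set)
    for line in log_lines:
        f = line.split()
        if len(f) < 7:
            continue  # truncated line or a different log format
        client, result, method, url = f[2], f[3], f[5], f[6]
        if result.startswith("TCP_DENIED"):
            continue  # Squid refused the request, so nothing was relayed
        try:
            ip = ipaddress.ip_address(client)
        except ValueError:
            continue  # client field is not an IP address
        if not any(ip in net for net in allowed):
            hits[client].add("served-unauthorized-client")
        if method == "CONNECT":
            port = url.rpartition(":")[2]
            if not port.isdigit() or int(port) not in ports:
                hits[client].add("connect-to-port-" + port)
    return {c: sorted(r) for c, r in hits.items()}

# Constructed log lines in Squid's native format (documentation address ranges).
SAMPLE_LOG = [
    "1700000001.100    120 10.0.0.21 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html",
    "1700000002.200   3050 203.0.113.7 TCP_TUNNEL/200 812 CONNECT mail.example.net:25 - HIER_DIRECT/192.0.2.25 -",
    "1700000003.300      0 198.51.100.44 TCP_DENIED/403 3900 GET http://example.org/ - HIER_NONE/- text/html",
    "1700000004.400    900 10.0.0.22 TCP_TUNNEL/200 4096 CONNECT example.com:443 - HIER_DIRECT/192.0.2.10 -",
]

if __name__ == "__main__":
    print(find_relay_abuse(SAMPLE_LOG))
```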

Known Vulnerabilities

| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2019-12526 | Squid: Denial of Service via crash | Medium | A denial of service vulnerability exists in Squid through 4.7 due to a crash caused by an assertion failure in adaptation/ecs/EcsStream.cc. |
| CVE-2019-12525 | Squid: Denial of Service via crash | Medium | A denial of service vulnerability exists in Squid through 4.7 due to a crash caused by an assertion failure in Adaptation::Icap::ServiceRep::noteSinkDisconnecting. |
| CVE-2016-10002 | Squid: HTTP Response Splitting Vulnerability | Medium | Squid before 3.5.23 and 4.x before 4.0.17 allows HTTP response splitting vulnerabilities due to improper validation of CRLF sequences. |

Malware Associations

  • Some botnets may use open proxies running on port 3128 to anonymize their command and control traffic.
  • Malware can configure infected machines to use open proxies on port 3128 to hide their malicious activities.

Common Software

  • Squid Cache
  • ccProxy
  • WinGate
  • AnalogX Proxy
  • Privoxy
  • ProxyCap
  • Internet Accelerator
  • FreeProxy
  • HandyCache
