Security – Why does squid (proxy server) listens on port 48512

Securitysquid

I just installed squid on my ubuntu machine (sudo apt-get install squid3) and after installing it I noticed that it listens on port 48512.

$ netstat -tulpn | grep squid
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN      44365/(squid-1)
udp        0      0 0.0.0.0:48512           0.0.0.0:*                           44365/(squid-1)

I know that it listens on port 3128 by default and that can be changed by going to /etc/squid/squid.conf

But port 48512 is not listed anywhere. How do I configure squid to not listen on port 48512?

Also when I do a google search on port 48512 it says it is a Trojan.

Best Answer

From squid config directives:

udp_incoming_address    is used for UDP packets received from other
            caches.

The default behavior is to not bind to any specific address.

Only change this if you want to have all UDP queries received on
a specific interface/address.

NOTE: udp_incoming_address is used by the ICP, HTCP, and DNS
modules. Altering it will affect all of them in the same manner.

It seems it is used for internal dns, a mechanism for squid to effectively manages DNS queries.

Related Topic