On Wed, 10 May 2000, Armistead, Jason wrote:
> Atif
> 
> It doesn't matter about ACL rules.  The SYN attack takes place BEFORE the
> TCP/IP connection is actually established and the connection gets handed
> over to Squid.
> 
> i.e. Proxy TCP/IP stack gets a SYN, sends an ACK to the client, waits for
> another ACK back from the client and then the connection is established, at
> which time the connection is passed to Squid for handling.
> 
> If there is no ACK back from the client, the proxy will retry sending its
> ACK several times (with progressively longer timeouts each time to allow for
> possible slow links) before failing the connection, but in this time it is
> wasting a connection and tying up all the related network resources (mainly
> RAM) on the proxy.   This is what a SYN flood denial of service attack
> relies on, tying up TCP/IP resources so no-one else can access the server.
> 
> Only after establishment can Squid do anything about the connection with
> ACLs, and even then I think it only issues the DENY when a URL is actually
> requested (I may be wrong, but I had a very quick look at the source code
> for where aclCheck is called from and it looked this way to me ...).
However, you could get Squid to listen only on your local network IP address.
> 
> Jason
> 
> 
> -----Original Message-----
> From: S M A [mailto:s_m_a_9@yahoo.com]
> Sent: Thursday, 11 May 2000 13:17
> To: Samir; squid-users@ircache.net
> Subject: Re: WARNING
> 
> 
> Dear,
> 
> Protect your proxy from attacks from all over the world.
> 
> I think you have allowed the whole world to use your proxy.
> 
> Make an ACL rule to deny all as soon as possible.
> 
> From,
> 
> Atif 
> --- Samir <samirfarooq@sat.net.pk> wrote:
> >  WARNING: High TCP connect timeout rate! System (port 8080) may be under a SYN flood attack!
> > 
> > Can anyone explain?
> > Thanks in advance for any reply :)
> > 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Send instant messages & get email alerts with Yahoo! Messenger.
> http://im.yahoo.com/
> 
> 
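Since, as Jason describes above, the half-open connections of a SYN flood never reach Squid, neither an `http_access deny all` rule nor binding `http_port` to the internal address can confirm or stop one; the place to look is the kernel's TCP stack. The POSIX shell script below is an added example, not code from the thread, from Squid or from any of the posters: it counts half-open (SYN_RECV) sockets per local port from `ss -tan state syn-recv` output, lists the peers responsible, and checks whether Linux SYN cookies are on. The `ss` sample is constructed (documentation-range addresses, port 8080 as in Samir's warning), and the threshold of 3 and the sysctl path parameter are assumptions for the demo.

```shell
#!/bin/sh
# Added example for the squid-users thread above; not code from Squid or the
# posters. A SYN flood fills the kernel's half-open (SYN_RECV) queue before any
# connection is handed to Squid, so the check has to look at the TCP stack,
# not at squid.conf ACLs.

# Constructed sample of `ss -Htan state syn-recv` output (documentation-range
# addresses, not real traffic). Columns: Recv-Q Send-Q Local:Port Peer:Port
SAMPLE_SS='0 0 10.0.0.1:8080 203.0.113.7:41022
0 0 10.0.0.1:8080 203.0.113.7:41023
0 0 10.0.0.1:8080 198.51.100.9:50001
0 0 10.0.0.1:22 192.0.2.5:60010'

# count_half_open PORT: number of half-open sockets on local port PORT.
# Reads ss-style lines on stdin; the address-looking test skips a header line.
count_half_open() {
    awk -v port="$1" '
        $3 ~ /:[0-9]+$/ { n = split($3, a, ":"); if (a[n] == port) c++ }
        END { print c + 0 }'
}

# top_sources PORT: peer addresses with half-open sockets to PORT, busiest
# first. A flood from a few addresses can be dropped at the firewall; a spoofed
# flood shows many distinct peers and needs SYN cookies instead.
top_sources() {
    awk -v port="$1" '
        $3 ~ /:[0-9]+$/ {
            n = split($3, a, ":")
            if (a[n] == port) { sub(/:[0-9]+$/, "", $4); print $4 }
        }' | sort | uniq -c | sort -rn
}

# syn_flood_suspected PORT THRESHOLD: exit 0 when the half-open count on PORT
# reaches THRESHOLD. The threshold is an assumption; keep it below the listen
# backlog the proxy asked for.
syn_flood_suspected() {
    [ "$(count_half_open "$1")" -ge "$2" ]
}

# syn_cookies_enabled [FILE]: exit 0 when Linux SYN cookies are on, i.e. the
# kernel stops allocating state for SYNs it has not yet seen an ACK for.
# FILE defaults to the sysctl node and is a parameter only so it can be tested.
syn_cookies_enabled() {
    f="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

# Stand-alone run over the constructed sample. On a live host replace the
# printf with:  ss -Htan state syn-recv
port=8080
threshold=3   # assumed value for the demo
half_open=$(printf '%s\n' "$SAMPLE_SS" | count_half_open "$port")
echo "half-open connections on port $port: $half_open"
if printf '%s\n' "$SAMPLE_SS" | syn_flood_suspected "$port" "$threshold"; then
    echo "possible SYN flood against port $port; busiest peers:"
    printf '%s\n' "$SAMPLE_SS" | top_sources "$port"
fi
if syn_cookies_enabled; then
    echo "SYN cookies: enabled"
else
    echo "SYN cookies: disabled or not Linux (sysctl -w net.ipv4.tcp_syncookies=1)"
fi
```

Two caveats a practitioner would want: binding Squid to the internal address, as suggested in the reply, narrows who can reach the listener but does nothing against SYNs spoofed to that address, and an application-level `deny all` never fires because the flood's connections are never completed. SYN cookies (`net.ipv4.tcp_syncookies=1`) are the kernel-side fix for the resource exhaustion Jason describes; the peer list from `top_sources` tells you whether a simple firewall block of a few sources is enough instead.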
Received on Thu May 11 2000 - 02:05:20 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:27 MST