Re: [squid-users] serious problem - is this my box compromised

From: Brian <hiryuu@dont-contact.us>
Date: Mon, 6 Aug 2001 03:15:00 -0400

I'm not sure if those really accomplish a lot in this case. The logs
indicate the request was halted (NONE/411) anyway.

        -- Brian

On Monday 06 August 2001 03:04 am, Mitesh P Choksi wrote:
> that's code red. from previous mail i got the rules that are required.
>
> Please add these on squid server.
> NOTE : these are CISCO rules, do not use them on squid as it is, change
> them to squid acl's
>
> rule enable
> rule block url-regex ^http://.*www\.worm\.com/default\.ida$
> rule block url-regex ^http://.*/default\.ida$
>
> -----Original Message-----
> From: hari_bhr [mailto:hari_bhr@yahoo.com]
> Sent: 06 August 2001 10:07
> To: squid-users@squid-cache.org
> Subject: [squid-users] serious problem - is this my box compromised
>
>
> hi all
> i have installed the Redhat + squid+ wccp
> i suppose to save lot bandwidth,
> but the poor response from squid, it very slow,
> i remove wccp routing from my router its now working fine
> when i router again to wccp router , the response again poor
> the check the access log.
> i have done acl also , with out our block address rest all deny
> but still i able to see the following log
>
> 997111859.474 3 202.107.228.229 NONE/411 1575 GET
> http://202.63.106.78/defa
> ult.ida? - NONE/- -
> 997111859.502 28 202.63.103.245 NONE/411 1575 GET
> http://202.26.190.145/defa
> ult.ida? - NONE/- -
> 997111859.600 71 211.10.26.252 NONE/411 1575 GET
> http://202.63.125.115/defau
> lt.ida? - NONE/- -
> 997111859.702 32 202.109.98.182 NONE/411 1575 GET
> http://202.63.126.72/defau
> lt.ida? - NONE/- -
> 997111859.740 6 202.102.163.220 NONE/411 1575 GET
> http://202.63.124.72/defa
> ult.ida? - NONE/- -
> 997111859.776 35 64.168.133.12 NONE/411 1608 GET
> http://www.worm.com/default
> .ida? - NONE/- -
> 997111859.886 13 202.96.95.60 NONE/411 1575 GET
> http://202.63.124.66/default
> .ida? - NONE/- -
> 997111860.277 28 202.250.164.186 NONE/411 1575 GET
> http://202.63.127.111/def
> ault.ida? - NONE/- -
> 997111860.346 35 202.63.103.253 NONE/411 1575 GET
> http://202.63.51.11/defaul
> t.ida? - NONE/- -
> 997111860.597 17 202.96.69.215 NONE/411 1575 GET
> http://202.63.110.92/defaul
> t.ida? - NONE/- -
>
>
> some help will appreciate
> thanks
>
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
Received on Mon Aug 06 2001 - 01:15:11 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:28 MST