Re: [squid-users] code red is making horrible on our network

From: Luiz Lima <llima@dont-contact.us>
Date: Thu, 9 Aug 2001 21:57:57 -0300

> I do not think you can solve the problem by modifying Squid.
> If I get you right, you are under a distributed denial of service
> attack (essentially) originated from your own customers.

Well, the attack is not ON me. It's through me... When Code Red tries to
reach other people's port 80, the transparent proxy catches it and redirects the
calls through Squid. When it gets flooded, it goes down. When things
time out, it comes back up (a few minutes) but just until it begins to be
flooded again.

The most impressive thing to me, however, is that I'm talking about 33.6kbps
dial-up customers and all I need is ONE infected customer online and 20
seconds of Code Red running on his computer to lose Squid.

> You can hack your way out by auto-parsing Squid access log,
> auto-extracting IP addresses of affected customers, and auto-
> building a "block" or, better, "do-not-redirect-to-Squid" IP list
> for your router...

While it looks ugly, it's not impossible..... Good suggestion. I'll try
other stuff first but it's a reasonable last resort. Thanks.

---
Luiz Lima
Image Link Internet
http://www.imagelink.com.br
Received on Thu Aug 09 2001 - 18:57:14 MDT
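
The log-parsing approach quoted in the message above, as an added example that is not part of the original post or of Squid. It assumes Squid's native access.log format and the known Code Red request shape (`GET /default.ida?` followed by a long run of `N` or `X`); the `min_hits` threshold, the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Code Red / Code Red II request signature: /default.ida? plus a long N or X run.
WORM_URL = re.compile(r"/default\.ida\?[NX]{20,}", re.IGNORECASE)

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
997405077.120 30012 10.1.2.33 TCP_MISS/504 1045 GET http://198.51.100.7/default.ida?NNNNNNNNNNNNNNNNNNNNNNNN - DIRECT/198.51.100.7 -
997405077.310 30007 10.1.2.33 TCP_MISS/504 1045 GET http://203.0.113.19/default.ida?NNNNNNNNNNNNNNNNNNNNNNNN - DIRECT/203.0.113.19 -
997405077.512 412 10.1.2.51 TCP_MISS/200 8120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
997405077.800 30003 10.1.2.33 TCP_MISS/504 1045 GET http://192.0.2.77/default.ida?XXXXXXXXXXXXXXXXXXXXXXXX - DIRECT/192.0.2.77 -
997405078.015 221 10.1.2.40 TCP_MISS/404 512 GET http://192.0.2.10/default.ida?NNNNNNNNNNNNNNNNNNNNNNNN - DIRECT/192.0.2.10 text/html
997405078.400 truncated-line
"""

def infected_clients(lines, min_hits=3):
    """Return client IPs with at least min_hits worm-shaped requests.

    A threshold above 1 keeps a single stray request (for example an admin
    testing a server) from putting a customer on the list.
    """
    hits = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or malformed entry, skip it
        client, method, url = fields[2], fields[5], fields[6]
        if method == "GET" and WORM_URL.search(url):
            hits[client] += 1
    return sorted(ip for ip, count in hits.items() if count >= min_hits)

if __name__ == "__main__":
    # One address per line, ready to feed into whatever builds the
    # router's "do-not-redirect-to-Squid" list.
    for ip in infected_clients(SAMPLE_LOG.splitlines()):
        print(ip)
```

Run periodically against the live access.log, the output is the per-customer list the quoted suggestion describes; how it is loaded into the router depends on the router and is left out here.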
