RE: [squid-users] Squid under attack (opaserv)

When using Linux-2.4 there is many nice filters to use in iptables to
block such clients.. a combination of a string and ippool match/target
should do the trick quite easily.

There is also several IDS like tools available for Linux which can do
the job.

Regards
Henrik

tis 2003-01-07 klockan 07.14 skrev Niti Lohwithee:
>
> Dear Henrik
>
> Thank you for your answers. But I can block the virus at router.
> I have a long list of access-list in the router. There are many people
> infected the virus. I can not control them.
>
> I have a long term solution using IDS in mid-year. But Now. I would like
> to use short term solution by turning the Linux kernel to protect it.
>
> I don't know that Is it possible?
>
>
> Regards and thank you
> Niti :)
>
>
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Tuesday, January 07, 2003 12:29 PM
> To: Niti Lohwithee
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Squid under attack (opaserv)
>
> Recommendation:
>
> Use firewalling to block the offending clients from reaching Squid until
> they have been fixed.
>
> Most OS:es, including RedHar 6.2 has built-in features for firewalling.
> RedHat 6.2 uses Linux-2.2 and there the firewalling mechanism is
> ipchains.
>
> To block a offending PCs from accessing your Squid server:
>
> ipchains -A input -s ip.of.infected.pc -j DENY
>
> To unblock it again when fixed:
>
> ipchains -D input -s ip.of.infected.pc -j DENY
>
> Regards
> Henrik
>
> Niti Lohwithee wrote:
> >
> > Dear all,
> >
> > I'm facing problem. My box is Redhat 6.2 and squid Version
> > 2.3.STABLE3 . Now it is attacked from opaserv. The average cpu is
> about
> > 80-95 %. Sometime the log file is over 2 GB. I try to solving this
> > problem using enable echo 1 > /proc/sys/net/ipv4/tcp_syncookies but
> > It 's not work.
> >
> > Please someone advise what to do
> >
> > Regards and thank you
> > Niti : )
Received on Tue Jan 07 2003 - 05:21:16 MST