[squid-users] Nessus vulnerability scan crashes squid

From: Greg Redder <redder@dont-contact.us>
Date: Mon, 9 Jun 2003 11:26:28 -0600 (MDT)

I'm running Squid 2.5 Stable1 on Red Hat Linux 9.0, kernel 2.4.20-18.

Our cache is running fine until we use a vulnerability scanner (Nessus).
Nessus has many vulnerability scans, but one set of the scans checks for
httpd vulnerabilities. When we start the scan of another network, the
router (via WCCP) intercepts the http requests and forwards them to the
squid box. Eventually (somewhere between 1 minute and 30 minutes), the
squid box stops forwarding back out requests and the clients don't get
their web requests fulfilled and then the screaming starts ;-)

A couple of notes:

o We are not scanning the squid box directly. We are scanning machines
  elsewhere on the network and the http requests (that are part of
  some of the vulnerability scans) get redirected to the web cache.

o Thinking that the squid box would lock up because of something in
  the scans themselves, we scanned the squid box directly and it
  kept humming along just fine.

o We use WCCP version 1 off a Cisco 6500 running 12.1.13. We do not
  configure the clients to use a proxy.

o It all works fine until the scans start and it seems to ride them
  out for a little while. We can easily (unfortunately) recreate
  the problem.

o The box is not overwhelmed - the nessus scanner only sends out an
  http request as part of its scan every second or so.

o No errors are reported in the squid logs that I can find that
  would indicate a problem.

o WCCP continues to work because the router thinks it has a good cache
  engine and sends it requests, but the squid box just "eats" them.

o We have temporarily solved this by putting an access list on the router
  telling the router not to redirect http packets from the nessus
  machines to the squid cache. However, this is not a feasible long
  term solution as others on our campus of 25,000 may do a nessus scan
  from somewhere and then our cache engine will die.

Has anyone else witnessed this problem? I have searched the archives for
related issues and found none :-(

Thank you
--Greg Redder
  Network Analyst
  Colorado State University

===============================================================================
Greg Redder Academic Computing & Networking Services
Colorado State University, ACNS Phone:(970)491-7222 FAX: (970)491-1958
601 S. Howes, Room 625 E-mail: redder@yuma.colostate.edu
Fort Collins, CO 80523 PGP Fprint:299F83B58A72BE7428E064E801749C69FFA537C6
===============================================================================
Received on Mon Jun 09 2003 - 11:26:33 MDT
