Re: [squid-users] [squid-users]: How to prevent IP Address scanning using Squid?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 1 Dec 2003 10:47:50 +0100 (CET)

On Mon, 1 Dec 2003, Hwee Khoon, Neo wrote:

> We notice that a number of our cache user are doing a port 80 scan
> across a range of IP addresses. As the destination IP are rather random,
> is there any way we can configure Squid to deny such a request pattern?

I would recommend a program that tails the access.log watching for clients
generating an excessive amount of TCP_MISS/000 requests to IP addresses
and then firewalls the offending client from any network access.

These clients are often infected by viruses or other malware and needs to
be fixed. If not the user at that client needs to be fixed..

Regards
Henrik
Received on Mon Dec 01 2003 - 02:47:56 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:03 MST