Re: [squid-users] is it a DOS attack ??

From: Hwee Khoon, Neo <hweekhoon.neo@dont-contact.us>
Date: Mon, 16 Feb 2004 16:03:56 +0800

try and access www.microsoft.com from your squid server, if you can't get
thru, it means microsoft has blocked you out.

if you are getting a lot of requests to www.microsoft.com without any
user-agent header and request object, some machines using your proxy could
have been infected with the mydoom.c virus and try to flood the website with
requests

try and block these requests out by denying requests that do not have any
user-agent header inside squid.conf

rgds
hk

----- Original Message -----
From: "Danish Khan" <danish.khan@go4b.net>
To: "'Duane Wessels'" <wessels@squid-cache.org>
Cc: <squid-users@squid-cache.org>
Sent: Sunday, February 15, 2004 12:35 PM
Subject: RE: [squid-users] is it a DOS attack ??

> Yeah, I can see the forwarding loop thing in cache.log.. but plz tell me in
> detail how I overcome that.
>
> Regards
>
> Danish Khan
>
> -----Original Message-----
> From: Duane Wessels [mailto:wessels@squid-cache.org]
> Sent: Sunday, February 15, 2004 5:51 AM
> To: Danish Khan
> Cc: squid-users@squid-cache.org
> Subject: RE: [squid-users] is it a DOS attack ??
>
>
>
>
> On Sat, 14 Feb 2004, Danish Khan wrote:
>
> > I have configured my box with 8192 FD but still I got warnings of FD's and
> > too many comm.(23) Port error WHY plz update :(
> >
> > Danish
> >
> > -----Original Message-----
> > From: Mahmood Ahmed [mailto:braveheart@buraak.net.pk]
> > Sent: Saturday, February 14, 2004 10:24 PM
> > To: squid-users@squid-cache.org
> > Subject: [squid-users] is it a DOS attack ??
> >
> > Hello List!
> >
> > I have been facing this strange problem for the last 3 days. I hope someone
> > here will be able to shed light on it. I don't know whether it's a bug or a
> > virus or a DOS attack but it is hitting my squid box very hard. In my access
> > log I am seeing a lot of these.
> >
> >
> > 1076806934.151 451 202.133.44.214 TCP_MISS/000 0 GET
> > http://www.microsoft.com/ - NONE/- -
> > 1076806934.163 461 202.133.44.214 TCP_MISS/000 0 GET
>
> This looks to me like a forwarding loop.
>
> Are you using HTTP interception?
>
> Duane W.
>
Received on Mon Feb 16 2004 - 01:04:01 MST
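
The access.log pattern quoted in this thread (TCP_MISS/000 with 0 bytes, repeated for one URL) can be searched for per client. The following is an added example, not code from any poster or from the Squid project; it assumes the native access.log field order shown above and entries in time order, and the function names, window, threshold and sample lines are constructed for illustration.

```python
import collections

# Constructed sample in Squid's native access.log format, modelled on the
# lines quoted in the thread (addresses are documentation-range placeholders).
SAMPLE_LOG = """\
1076806934.151 451 192.0.2.10 TCP_MISS/000 0 GET http://www.microsoft.com/ - NONE/- -
1076806934.163 461 192.0.2.10 TCP_MISS/000 0 GET http://www.microsoft.com/ - NONE/- -
1076806934.410 398 192.0.2.10 TCP_MISS/000 0 GET http://www.microsoft.com/ - NONE/- -
1076806934.902 12 192.0.2.22 TCP_HIT/200 4312 GET http://www.example.org/a.css - NONE/- text/css
1076806935.020 440 192.0.2.10 TCP_MISS/000 0 GET http://www.microsoft.com/ - NONE/- -
1076806990.500 233 192.0.2.22 TCP_MISS/000 0 GET http://www.microsoft.com/ - NONE/- -
garbage line that is not a log entry
"""

def parse_line(line):
    """Return (time, client, status, size, url) or None for malformed lines."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    try:
        return float(f[0]), f[2], f[3].split("/", 1)[1], int(f[4]), f[6]
    except ValueError:
        return None

def find_bursts(log_text, window=5.0, threshold=4):
    """Flag (client, url) pairs with >= threshold empty replies (status 000,
    0 bytes) inside any `window`-second span. Returns {(client, url): peak}."""
    recent = collections.defaultdict(collections.deque)
    peaks = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, status, size, url = rec
        if status != "000" or size != 0:
            continue
        q = recent[(client, url)]
        q.append(ts)
        while ts - q[0] > window:   # drop hits older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[(client, url)] = max(peaks.get((client, url), 0), len(q))
    return peaks

if __name__ == "__main__":
    for (client, url), n in find_bursts(SAMPLE_LOG).items():
        print(f"{client}: {n} empty replies for {url} within the window")
```

If the flagged client address is the proxy's own, that points to the forwarding loop mentioned in the thread rather than to an infected machine behind the proxy.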
