Re: [squid-users] Alot of IP bases URL http requests

I have the same, and I seems to be the behavior of a computer virus,

I would recommend a good antivirus-check for that computer.

-francisco

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Francisco J. Obispo
ccTLD VE - NIC-Venezuela - CNTI
http://www.nic.ve - http://www.cnti.ve
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
----- Original Message -----
From: "iweyou" <iweyou@isd.wol.net.pk>
To: <squid-users@squid-cache.org>
Sent: Monday, March 22, 2004 11:11 AM
Subject: [squid-users] Alot of IP bases URL http requests

> Dear All,
> I have a very strange problem running squid-2.4.STABLE3 on Redhat Linux
with iptables.
> For hours squid works fine but when the follwoing unexpected IP based URL
requests(More than 100
> Requests per minute) hit my cache server it becomes unstable.These
requests are generated
> by some of my windows based networked machines. I dont know whether these
requestes are generated
> by some viruses or worms.
> Is there any way to block OR deny these IP based URL requets?
> Following are some of the lines of these unexpected http requests from
squid's access.log.
>
> 1079956694.022 253223 192.168.2.10 TCP_MISS/504 1020 GET
http://200.209.46.116/ - NONE/- -
>
> 1079956695.020 240297 192.168.2.10 TCP_MISS/504 1016 GET
http://38.193.62.86/ - NONE/- -
>
> 1079956695.020 241906 192.168.2.10 TCP_MISS/504 1022 GET
http://221.227.107.118/ - NONE/- -
>
> 1079956695.020 240342 192.168.2.10 TCP_MISS/504 1020 GET http
://152.62.187.217/ - NONE/- -
>
> 1079956696.065 239791 192.168.2.10 TCP_MISS/504 1018 GET
http://69.178.216.27/ - NONE/- -
>
> 1079956697.007 250953 192.168.2.10 TCP_MISS/504 1016 GET
http://16.24.27.154/ - NONE/- -
>
> 1079956697.007 241265 192.168.2.10 TCP_MISS/504 1020 GET
http://68.171.223.240/ - NONE/- -
>
> 1079956697.007 240185 192.168.2.10 TCP_MISS/504 1020 GET
http://27.149.199.243/ - NONE/- -
>
> 1079956697.007 239974 192.168.2.10 TCP_MISS/504 1018 GET
http://29.177.226.46/ - NONE/- -
>
> 1079956697.007 240185 192.168.2.10 TCP_MISS/504 1018 GET
http://12.127.35.235/ - NONE/- -
>
> 1079956698.013 243880 192.168.2.10 TCP_MISS/504 1022 GET
http://104.136.191.110/ - NONE/- -
>
> 1079956698.013 253431 192.168.2.10 TCP_MISS/504 1020 GET
http://130.57.122.235/ - NONE/- -
>
> 1079956700.057 259506 192.168.2.10 TCP_MISS/504 1022 GET
http://168.160.250.193/ - NONE/- -
>
> 1079956700.057 258877 192.168.2.10 TCP_MISS/504 1020 GET
http://132.48.127.183/ - NONE/- -
>
> 1079956700.057 261348 192.168.2.10 TCP_MISS/504 1016 GET
http://66.55.239.71/ - NONE/- -
>
> 1079956700.057 258627 192.168.2.10 TCP_MISS/504 1016 GET
http://3.104.165.58/ - NONE/- -
>
> 1079956701.017 240037 192.168.2.10 TCP_MISS/504 1020 GET
http://96.105.231.248/ - NONE/- -
>
> 1079956701.017 239955 192.168.2.10 TCP_MISS/504 1018 GET
http://83.197.64.207/ - NONE/- -
>
> 1079956701.017 240037 192.168.2.10 TCP_MISS/504 1016 GET
http://94.237.2.152/ - NONE/- -
>
> 1079956701.017 263595 192.168.2.10 TCP_MISS/504 1018 GET
http://32.237.54.118/ - NONE/- -
>
> 1079956702.006 267007 192.168.2.10 TCP_MISS/504 1020 GET
http://166.186.183.93/ - NONE/- -
>
> 1079956703.002 239669 192.168.2.10 TCP_MISS/504 1016 GET
http://11.192.3.128/ - NONE/- -
>
> 1079956709.017 240053 192.168.2.10 TCP_MISS/504 1020 GET
http://198.171.157.35/ - NONE/- -
>
> 1079956709.017 240008 192.168.2.10 TCP_MISS/504 1020 GET
http://141.148.55.117/ - NONE/- -
>
> 1079956709.017 239819 192.168.2.10 TCP_MISS/504 1022 GET
http://221.120.234.241/ - NONE/- -
>
> 1079956711.011 243788 192.168.2.10 TCP_MISS/504 1020 GET
http://192.137.45.231/ - NONE/- -
>
> 1079956711.011 254707 192.168.2.10 TCP_MISS/504 1020 GET
http://145.22.156.185/ - NONE/- -
>
> 1079956712.017 243582 192.168.2.10 TCP_MISS/504 1014 GET
http://175.2.1.156/ - NONE/- -
>
> Thanks
>
>
> --------------------------------------------------------
> --------------------------------------------------------
> Welcome to WOL Web Mail Service
>
> Please visit
>
> http://www.isd.wol.net.pk
>
>
>
Received on Mon Mar 22 2004 - 08:34:08 MST