[squid-users] Multiple requests from one user has stopped service

From: Jason McNeil <jasonm@dont-contact.us>
Date: Wed, 28 Apr 2004 13:51:22 -0300

Hello there, yesterday one of our users going through the squid cache
machine (which is also our network's gateway) began attempting to connect
to random IP addresses, seemingly at random, and far faster than humanly
possible. We suspect he had either some sort of trojan or virus. The
problem is that as he was attempting to connect to all these
non-existent IP addresses, the squid service hung for everyone else
trying to use it (about another 50 users). Normally we have no problems
with traffic or workload on our server, yet this completely disabled any
traffic going through port 80. In the cache.log it began to print out
"WARNING! You are running out of file descriptors" repeatedly until we
disconnected the user and restarted squid. I guess what I'm asking is:

a) Has anything like this happened to anyone else?
b) Would increasing the number of file descriptors help to avoid this
problem in the future?
c) Is there any way to limit the number of requests from a certain IP
address in a certain amount of time?
Received on Wed Apr 28 2004 - 10:52:41 MDT
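
An added example, not part of the original post and not Squid's own code: a small detector that reads Squid's native access.log format and reports any client that, within one time window, makes many requests to many distinct hosts, the pattern described in the message above. The function name, the window length, both thresholds and the sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = "\n".join(
    [f"1083170000.{i:03d} 30000 192.168.1.45 TCP_MISS/504 1500 GET "
     f"http://10.{i}.{i % 7}.{i % 250 + 1}/ - "
     f"DIRECT/10.{i}.{i % 7}.{i % 250 + 1} text/html"
     for i in range(40)]
    + ["1083170001.200 120 192.168.1.12 TCP_MISS/200 5120 GET "
       "http://www.example.com/ - DIRECT/192.0.2.10 text/html",
       "1083170004.900 95 192.168.1.12 TCP_HIT/200 2048 GET "
       "http://www.example.com/logo.png - NONE/- image/png",
       "truncated line"]
)


def noisy_clients(log_text, window=10, max_requests=20, max_hosts=15):
    """Map (client, window_start) -> (requests, distinct_hosts) for every
    client that exceeds BOTH assumed thresholds inside one window."""
    requests = defaultdict(int)
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or foreign lines
        try:
            ts = float(fields[0])
        except ValueError:
            continue
        client, method, url = fields[2], fields[5], fields[6]
        # CONNECT entries log "host:port" rather than a full URL.
        if method == "CONNECT":
            host = url.rsplit(":", 1)[0]
        else:
            host = urlsplit(url).hostname
        key = (client, int(ts // window) * window)
        requests[key] += 1
        if host:
            hosts[key].add(host)
    return {key: (count, len(hosts[key]))
            for key, count in requests.items()
            if count > max_requests and len(hosts[key]) > max_hosts}


if __name__ == "__main__":
    for (client, start), (count, distinct) in noisy_clients(SAMPLE_LOG).items():
        print(f"{client} window={start} requests={count} hosts={distinct}")
```

Requiring both a high request count and a high distinct-host count keeps an ordinary user reloading one busy site from being flagged.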
