[squid-users] my squid box spoofed !!

From: Alex <o_Again2004@dont-contact.us>
Date: Mon, 16 May 2005 10:42:31 +0300

Dear All,

i have a problem with my squid proxy.. suddenly its performance decrease and
i never get the speed i expect from my squid box, and when i tail to
access.log i find a weird line of information there,, please find it below :

1115668842.640 14680 61.224.206.211 TCP_MISS/200 824 CONNECT
205.188.156.185:25 - DIRECT/205.188.156.185 -

i found thousands of line similar to this one, even, i dont know the source
ip address, destination or even the direct destination !! the 3 ip addresses
doesn't belong to my network at all and all are blocked from the squid.conf
file, plus why the destenation is trying to make connection on port 25 !!! ?
such port is also blocked with the Safe_ports rule !
port 25 is not allowed on my linux box , so how this ip can hack to my squid
box and through my squid can open a session to port 25 on the destination ?
and how i can block this from happening ?! its killing my squid box
performance

Best Regards ,
Received on Mon May 16 2005 - 01:42:43 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:02 MDT