Re: [squid-users] DoS Vulnerabilities involving Squid &/or ICP?

From: <squid3@dont-contact.us>
Date: Fri, 3 Aug 2007 11:17:42 +1200 (NZST)

> Hello. I was trying to check whether there is some security hole or
> issue with our squid &/or ICP that I should know about. I looked around
> the www.squid-cache.org & the web, but didn't find anything relevant to
> the case below. I'd appreciate any pointers.
>

The major security problems we are aware of are listed at
http://www.squid-cache.org/Advisories/

Any of the 8 from SQUID-2004:2 and later may apply to your 2.5s5 squid.
It is also an unsupported version. I would highly recommend upgrading to
the current 2.6 stable release.

>
> BACKGROUND:
>
>
> Someone from web site X claimed that someone from our site was launching
> a DoS against them. The IP he gave was our proxy. It turns out someone
> from our site *was* repeatedly trying to download a certain audio URL
> (perhaps non maliciously).
>

Most likely you have a number of wireless clients wanting to see the video
and the source isn't providing proper caching headers for it. That would
make your squid (or anyones really) download it multiple times.

<snip>

Amos
Received on Thu Aug 02 2007 - 17:17:46 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT