[squid-users] Squid, Firewall & TCP RST Flags

From: Nyamul Hassan <nyamul_at_gmail.com>
Date: Fri, 27 Dec 2013 12:39:38 +0600

Hi,

Recently, we had some DDoS type attacks on our servers, so in an
attempt to secure our systems, we added some iptables rules, which
seem to work quite well on most of our servers.

Even on systems dedicated to Squid, all seems to run well. However,
one rule in particular seems to catch up a lot of entries in Squid
machines, which are almost non-existent on the other non-Squid
machines:

-A OUTPUT -p tcp -m tcp --tcp-flags RST RST -j OUTRST -m comment --comment "OUTPUT: Catch RST pkt"
-A OUTRST -j LOG --log-prefix "OUTRST: "
-A OUTRST -j DROP -m comment --comment "OUTRST: Drop outbound RST"

From what we have seen, this does not seem to have a detrimental
effect on Squid Proxy. But, out of academic interest, we would still
like to learn more on why so many RST packets would be generated from
the server itself.

Can anyone shed some light?

Regards
HASSAN
Received on Fri Dec 27 2013 - 06:40:25 MST
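An added example, not from the post above nor from Squid itself: a small POSIX shell helper that summarises the kernel log lines the OUTRST LOG rule produces, grouped by local source port, so you can see whether the resets leave from Squid's listening port (the proxy's client-facing sockets) or from ephemeral ports (the proxy's server-side sockets). It assumes Squid listens on port 3128 (the post does not say), and the log lines are constructed samples in the standard iptables LOG format.

```shell
#!/bin/sh
# Assumption: Squid's http_port; the original post does not state it.
PROXY_PORT=3128

# Constructed sample of what /var/log/kern.log or `journalctl -k` would show
# with the LOG rule above in place. The last line has no OUTRST prefix and
# must be ignored by the helpers.
SAMPLE_LOG='Dec 27 12:00:01 proxy kernel: OUTRST: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.20 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=3128 DPT=50211 WINDOW=0 RES=0x00 RST URGP=0
Dec 27 12:00:02 proxy kernel: OUTRST: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.21 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=3128 DPT=50340 WINDOW=0 RES=0x00 RST URGP=0
Dec 27 12:00:02 proxy kernel: OUTRST: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.22 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=3128 DPT=50377 WINDOW=0 RES=0x00 RST URGP=0
Dec 27 12:00:03 proxy kernel: OUTRST: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=45120 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Dec 27 12:00:04 proxy kernel: OUTRST: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.6 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=45121 DPT=443 WINDOW=0 RES=0x00 RST ACK URGP=0
Dec 27 12:00:05 proxy kernel: eth0: link is up'

# Read log lines on stdin; print "count sport" pairs, most frequent first.
count_rst_by_sport() {
    grep 'OUTRST: ' \
        | sed -n 's/.*SPT=\([0-9]*\).*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# Read log lines on stdin; split the resets into those sent from the proxy's
# listening port (argument, default PROXY_PORT) and those from other ports.
classify_rst() {
    port="${1:-$PROXY_PORT}"
    grep 'OUTRST: ' | awk -v p="$port" '
        { s = ""; for (i = 1; i <= NF; i++) if ($i ~ /^SPT=/) { split($i, a, "="); s = a[2] } }
        s == p { listener++ }
        s != p { ephemeral++ }
        END { printf "listener=%d ephemeral=%d\n", listener, ephemeral }'
}

# Usage on a live box: grep OUTRST /var/log/kern.log | classify_rst 3128
printf '%s\n' "$SAMPLE_LOG" | count_rst_by_sport
printf '%s\n' "$SAMPLE_LOG" | classify_rst
```

A high listener count points at client-side sockets being reset (e.g. connections closed with unread data); a high ephemeral count points at the proxy's own outbound connections to origin servers.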

This archive was generated by hypermail 2.2.0 : Sat Dec 28 2013 - 12:00:06 MST