Search squid archive

[squid-users] Re: my squid box spoofed !!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dear Chris,

only the ip addresses configured in the access list are allowed to browse to the internet through my proxy server, meaning i just tried to browsethrough my proxy server and im using a different ip address than the ip addresses configured in my ACL and i was denied to browse .

is there anything else can cause this issue ?! do u want me to show u my acl ?

Regards,
Alex

On Mon, May 16, 2005 at 10:42:31AM +0300, Alex wrote: 
Dear All,

i have a problem with my squid proxy.. suddenly its performance
decrease
and i never get the speed i expect from my squid box, and when i tail
to
access.log i find a weird line of information there,, please find it
below :

1115668842.640 14680 61.224.206.211 TCP_MISS/200 824 CONNECT 205.188.156.185:25 - DIRECT/205.188.156.185 -


Your squid box is a open relay for the entire world to use, and
everyone
is more than likely accessing the internet though it, sending thousands
of spam emails, and what not.

I would suggest that you have a immediate look at your ACLs and tie
them
down.

--
Chris.

----- Original Message ----- From: "Alex" <o_Again2004@xxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Monday, May 16, 2005 10:42 AM
Subject: my squid box spoofed !!


Dear All,

i have a problem with my squid proxy.. suddenly its performance decrease and i never get the speed i expect from my squid box, and when i tail to access.log i find a weird line of information there,, please find it below :

1115668842.640 14680 61.224.206.211 TCP_MISS/200 824 CONNECT 205.188.156.185:25 - DIRECT/205.188.156.185 -

i found thousands of line similar to this one, even, i dont know the source ip address, destination or even the direct destination !! the 3 ip addresses doesn't belong to my network at all and all are blocked from the squid.conf file, plus why the destenation is trying to make connection on port 25 !!! ? such port is also blocked with the Safe_ports rule !
port 25 is not allowed on my linux box , so how this ip can hack to my squid box and through my squid can open a session to port 25 on the destination ? and how i can block this from happening ?! its killing my squid box performance

Best Regards ,

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux