Search squid archive

Re: [squid-users] my squid box spoofed !!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear Alex,

Which version are you using? Did you try to set acl and allow requests from intranet (e.g. 192.168.1.0/255.255.255.0) only :-

acl intranet src 192.168.0.0/255.255.255.0
http_access allow intranet
http_access deny all

Regards,  John Mok


Alex wrote:

Dear All,

i have a problem with my squid proxy.. suddenly its performance decrease and i never get the speed i expect from my squid box, and when i tail to access.log i find a weird line of information there,, please find it below :

1115668842.640 14680 61.224.206.211 TCP_MISS/200 824 CONNECT 205.188.156.185:25 - DIRECT/205.188.156.185 -

i found thousands of line similar to this one, even, i dont know the source ip address, destination or even the direct destination !! the 3 ip addresses doesn't belong to my network at all and all are blocked from the squid.conf file, plus why the destenation is trying to make connection on port 25 !!! ? such port is also blocked with the Safe_ports rule !
port 25 is not allowed on my linux box , so how this ip can hack to my squid box and through my squid can open a session to port 25 on the destination ? and how i can block this from happening ?! its killing my squid box performance


Best Regards ,



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux