Hello. I was trying to check whether there is some security hole or issue with our squid &/or ICP that I should know about. I looked around the www.squid-cache.org & the web, but didn't find anything relevant to the case below. I'd appreciate any pointers. BACKGROUND: Someone from web site X claimed that someone from our site was launching a DoS against them. The IP he gave was our proxy. It turns out someone from our site *was* repeatedly trying to download a certain audio URL (perhaps non maliciously). When checking our squid logs, I found the following message: ploni.jct.ac.il - - [01/Aug/2007:16:30:02 +0300] "ICP_QUERY http://www.a.org/uploadfile/radio/pu2.wma?lang=hebrew HTTP/0.0" 0 80 UDP_MISS:NONE I changed the 2 host names. "ploni" is our wireless network server. It runs its own squid, which uses our proxy server's squid as a parent. That's the ICP_QUERY above. Not knowing much about ICP, I first thought the above message was suspicious, though I don't think so now. CONFIGURATION: Our proxy server runs: * Squid Cache: Version 2.5.STABLE6-CVS * Red Hat Enterprise Linux WS release 3 (Taroon Update 1) * kernel 2.4.21-9.ELsmp Our wireless server runs: * Squid Cache: Version 2.5.STABLE3 * Red Hat Enterprise Linux WS release 3 (Taroon Update 5) * kernel 2.4.21-37.ELsmp Thanks -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Haim (Howard) Roman Computer Center, Jerusalem College of Technology roman@xxxxxxxxx Phone: 052-8-592-599 (6022 from within Machon Lev)