Search squid archive

DoS Vulnerabilities involving Squid &/or ICP?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello.  I was trying to check whether there is some security hole or
issue with our squid &/or ICP that I should know about.  I looked around
the www.squid-cache.org & the web, but didn't find anything relevant to
the case below.  I'd appreciate any pointers. 


BACKGROUND:


Someone from web site X claimed that someone from our site was launching
a DoS against them.  The IP he gave was our proxy.  It turns out someone
from our site *was* repeatedly trying to download a certain audio URL
(perhaps non maliciously). 


When checking our squid logs, I found the following message:


    ploni.jct.ac.il - - [01/Aug/2007:16:30:02 +0300]
    "ICP_QUERY
    http://www.a.org/uploadfile/radio/pu2.wma?lang=hebrew
    HTTP/0.0" 0 80 UDP_MISS:NONE


I changed the 2 host names.  "ploni" is our wireless network server.  It
runs its own squid, which uses our proxy server's squid as a parent. 
That's the ICP_QUERY above.  Not knowing much about ICP, I first thought
the above message was suspicious, though I don't think so now. 


CONFIGURATION:


Our proxy server runs:

    * Squid Cache: Version 2.5.STABLE6-CVS
    * Red Hat Enterprise Linux WS release 3 (Taroon Update 1)
    * kernel 2.4.21-9.ELsmp

Our wireless server runs:

    * Squid Cache: Version 2.5.STABLE3
    * Red Hat Enterprise Linux WS release 3 (Taroon Update 5)
    * kernel 2.4.21-37.ELsmp

Thanks

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Haim (Howard) Roman
Computer Center, Jerusalem College of Technology
roman@xxxxxxxxx
Phone: 052-8-592-599 (6022 from within Machon Lev)



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux