with netstat -n |grep SYN_RECV command, it shows that a few foreign hosts tcp 0 xx.xx.xx.xxx.3128 yy.yy.yy.yyy.1433 SYN_RECV .... With netstat -n|grep ESTABLISHED command, it show that a few foreign host tcp 0 xx.xx.xx.xxx.3128 zz.zz.zzz.zz1430 SYN_RECV .... Is this normal? On Mon, Feb 2, 2009 at 6:50 PM, Bostonian <ygwen77@xxxxxxxxx> wrote: > I am a newbie here. Does "doing interception on inbound connections" > mean that my squid box intercepts the client's request and returns the > traffic from port 3128? Is this the normal way through which squid > returns the request to its clients? > Thank you. > > On Mon, Feb 2, 2009 at 6:35 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: >>> Dear All: >>> >>> I am running a squid 3.0 on a centos box and set it as >>> >>> http_port 3128 transparent >>> >>> It has been working well for a while. Then I noticed a traffic spike. >>> tcpdump shows >>> that there are a lot of traffic from port 3128 to other clients. I >>> have disabled incoming >>> traffic to 3128 from outside. >>> >>> What could be the reason? Someone hacked my cache? >>> >>> Best Regards, >>> Young Wen >>> >> >> Perhapse you are doing interception on inbound connections somehow? >> NAT will break past the firewall in that case. >> >> Amos >> >> >> >
