Bostonian wrote:
With netstat -n |grep SYN_RECV command, it shows that a few foreign hosts
tcp 0 xx.xx.xx.xxx.3128 yy.yy.yy.yyy.1433 SYN_RECV
....
With netstat -n|grep ESTABLISHED command, it shows that a few foreign hosts
tcp 0 xx.xx.xx.xxx.3128 zz.zz.zzz.zz1430 SYN_RECV
....
Is this normal?
Maybe, maybe not.
Check your access.log to see what is happening to those connections.
They may be attack attempts that are denied safely by squid.
Amos
On Mon, Feb 2, 2009 at 6:50 PM, Bostonian <ygwen77@xxxxxxxxx> wrote:
I am a newbie here. Does "doing interception on inbound connections"
mean that my squid box intercepts the client's request and returns the
traffic from port 3128? Is this the normal way through which squid
returns the request to its clients?
Thank you.
On Mon, Feb 2, 2009 at 6:35 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
Dear All:
I am running a squid 3.0 on a centos box and set it as
http_port 3128 transparent
It has been working well for a while. Then I noticed a traffic spike.
tcpdump shows that there is a lot of traffic from port 3128 to other
clients. I have disabled incoming traffic to 3128 from outside.
What could be the reason? Someone hacked my cache?
Best Regards,
Young Wen
Perhaps you are doing interception on inbound connections somehow?
NAT will break past the firewall in that case.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12
Current Beta Squid 3.1.0.4
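
The access.log check suggested in the reply above, as an added example that is not part of the original thread: it totals requests per client from Squid's native log format and lists clients outside the local network that were served rather than denied. The `LOCAL_NETS` range, the function names and the sample log lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the LAN this proxy is meant to serve (constructed value).
LOCAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1233617400.101 120 192.168.1.20 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1233617401.350 2 203.0.113.7 TCP_DENIED/403 1450 CONNECT mail.example.net:25 - NONE/- text/html
1233617402.020 1 203.0.113.7 TCP_DENIED/403 1450 GET http://example.org/ - NONE/- text/html
1233617403.700 900 198.51.100.9 TCP_MISS/200 48211 GET http://example.org/big - DIRECT/192.0.2.20 text/html
"""

def is_local(client):
    """True if the client field is an IP inside one of LOCAL_NETS."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # hostname (log_fqdn on) or garbage: treat as not local
    return any(addr in net for net in LOCAL_NETS)

def summarize(log_text):
    """Per-client totals: requests, denied requests, bytes sent to the client."""
    stats = defaultdict(lambda: {"requests": 0, "denied": 0, "bytes": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or non-native lines
        client, result, size = fields[2], fields[3], fields[4]
        entry = stats[client]
        entry["requests"] += 1
        entry["bytes"] += int(size) if size.isdigit() else 0
        if "DENIED" in result.split("/")[0]:  # e.g. TCP_DENIED/403
            entry["denied"] += 1
    return dict(stats)

def external_clients_served(stats):
    """External clients with at least one request that was not denied."""
    return sorted(ip for ip, s in stats.items()
                  if not is_local(ip) and s["requests"] > s["denied"])

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip, s in sorted(stats.items()):
        where = "local" if is_local(ip) else "EXTERNAL"
        print(f"{ip:15} {where:8} req={s['requests']} denied={s['denied']} bytes={s['bytes']}")
    print("served to external clients:", external_clients_served(stats))
```

External clients that appear only with TCP_DENIED were refused by Squid; any external client in the final list received content through the proxy and points to an ACL or firewall gap.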