On 11/04/2011 20:53, squid@xxxxxxxxxxxxxxxxxxxxxxx wrote:
Good day,
Some times when i check my ESET Antivirus LogFile, it shows that some
activities of clients in my network are attacking my network especially
squid port (3128) with TCP Flooding or DNS Poisioning. I check the
internet for there meaning and found out that they are not good activities
on any network.
What?
it's nice t know that you do have tcp flooding.. or what so..
but the problem is that the AV is not providing any details on how it is
getting this conclusion.
i would start with a simple wireshark on this specific machine that you
are getting the warnings
in case you do have some problems on your network setup.
by the way proxy traffic can indeed in a way be misunderstood as TCP
flood and DNS spoofer.
Is there any configuration option(s) in squid that i can use to drop/block
such TCP Flooding and DNS Poisioning traffic?
Any suggestion?
Squid is a server.. it wont react unless it requested to do things.
this is from my experience so unless you have a bad squid setup that can
lead to open relay proxy..
i cant really thing of something.
if i dont know or understand something i would like to here about it.
Eliezer
Regards,
Yomi.
