
Re: SECURITY ALERT: Squid Cache: Version 3.2.0.13

Hooray progress :)


On 2/12/2011 5:49 a.m., David Touzeau wrote:

Here is the log in debug mode:

----------
2011/12/01 17:49:14.106 kid1| HTTP Client local=4.26.235.254:80 remote=192.168.1.228:1074 FD 30 flags=33
2011/12/01 17:49:14.106 kid1| HTTP Client REQUEST:
---------
GET /v9/windowsupdate/a/selfupdate/WSUS3/x86/Other/wsus3setup.cab?1112011649 HTTP/1.1
Accept: */*
User-Agent: Windows-Update-Agent
Host: download.windowsupdate.com
Connection: Keep-Alive

K. first problem:
#  host download.windowsupdate.com
...
download.windowsupdate.com.c.footprint.net has address 204.160.124.126
download.windowsupdate.com.c.footprint.net has address 8.27.83.126
download.windowsupdate.com.c.footprint.net has address 8.254.3.254


Client is connecting to server 4.26.235.254 port 80. Which is clearly not "download.windowsupdate.com" according to the official DNS entries I can see. It is likely you have another set of IPs entirely, so please confirm that by running "host download.windowsupdate.com" on the Squid box.

Note that transparent Squid requires the same DNS "view" as the clients to keep the traffic flowing to the right places. Since it should be in the same network as the clients for transparent to work anyway, this is not usually a problem, but it can appear if you or the client is doing anything fancy with DNS server configurations.

NP: if 4.26.235.254 happens to be a local WSUS server you need to configure your local DNS to pass that info on to Squid for the relevant WSUS hosted domains. You will also benefit from Squid helping to enforce that MS update traffic stays on-LAN.


Amos
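
The comparison made in the reply above, as an added example that is not part of the original thread and not Squid's own code: it pairs the "local=" destination address from the debug log with the Host header and checks that address against what a resolver returns. The function names, PAGE_VIEW and the resolver callback are hypothetical; the log text and addresses are the ones quoted in the message.

```python
import ipaddress
import re
import socket

# Constructed sample: the debug-log excerpt quoted in the message above.
SAMPLE_LOG = """\
2011/12/01 17:49:14.106 kid1| HTTP Client local=4.26.235.254:80 remote=192.168.1.228:1074 FD 30 flags=33
2011/12/01 17:49:14.106 kid1| HTTP Client REQUEST:
GET /v9/windowsupdate/a/selfupdate/WSUS3/x86/Other/wsus3setup.cab?1112011649 HTTP/1.1
User-Agent: Windows-Update-Agent
Host: download.windowsupdate.com
"""

# Addresses the reply lists for download.windowsupdate.com (one DNS "view").
PAGE_VIEW = {"download.windowsupdate.com":
             {"204.160.124.126", "8.27.83.126", "8.254.3.254"}}

LOCAL_RE = re.compile(r"HTTP Client local=(\[[0-9A-Fa-f:.]+\]|[\d.]+):\d+")
HOST_RE = re.compile(r"Host:\s*(\[[^\]]+\]|[^:\s]+)", re.IGNORECASE)

def parse_requests(log_text):
    """Return (destination_ip, host) pairs: the address the client really
    connected to, and the name its Host header claims."""
    pairs, dst = [], None
    for line in log_text.splitlines():
        m = LOCAL_RE.search(line)
        if m:
            dst = ipaddress.ip_address(m.group(1).strip("[]"))
            continue
        h = HOST_RE.match(line)
        if h and dst is not None:
            pairs.append((dst, h.group(1).strip("[]").lower()))
            dst = None  # pair only the first Host header after each local= line
    return pairs

def system_resolve(host):
    """Resolve with the resolver of the box this runs on (the Squid box)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {i[4][0] for i in infos}

def check_dns_view(log_text, resolve=system_resolve):
    """Flag requests whose destination IP is not among the Host's addresses."""
    results = []
    for dst, host in parse_requests(log_text):
        addrs = {ipaddress.ip_address(a) for a in resolve(host)}
        results.append({"host": host, "dst": str(dst), "match": dst in addrs})
    return results

if __name__ == "__main__":
    for r in check_dns_view(SAMPLE_LOG, lambda h: PAGE_VIEW.get(h, set())):
        print(r)
```

Calling check_dns_view(log_text) with no second argument uses the resolver of the machine it runs on, which is the view that matters when run on the Squid box.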
