Ahh.. on my backup proxy in which I allow that subnet I was again on attack but this time on the squid version is 3.4.5. Squid Cache: Version 3.4.5 configure options: '--build=x86_64-unknown-linux-gnu' '--host=x86_64-unknown-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,AD_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--enable-ssl' '--enable-ssl-crtd' '--enable-icmp' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=65535' '--with-dl' '--with-openssl' '--with-pthreads' '--with-included-ltdl' 'build_alias=x86_64-unknown-linux-gnu' 'host_alias=x86_64-unknown-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig' --enable-ltdl-convenience The syslog is saying below May 27 06:36:22 proxy1 squid[3503]: Squid Parent: (squid-1) process 16614 exited due to signal 6 with status 0 May 27 06:36:25 proxy1 squid[3503]: Squid Parent: (squid-1) process 16672 started May 27 06:39:22 proxy1 squid[3503]: Squid Parent: (squid-1) process 16672 exited due to signal 6 with status 0 May 27 06:39:25 proxy1 squid[3503]: Squid Parent: (squid-1) process 16729 started May 27 06:42:23 proxy1 squid[3503]: Squid Parent: (squid-1) process 16729 exited due to signal 6 with status 0 May 27 06:42:26 proxy1 squid[3503]: Squid Parent: (squid-1) process 16790 started May 27 06:45:23 proxy1 squid[3503]: Squid Parent: (squid-1) process 16790 exited due to signal 6 with status 0 May 27 06:45:26 proxy1 squid[3503]: Squid Parent: (squid-1) process 16847 started May 27 06:48:24 proxy1 squid[3503]: Squid Parent: (squid-1) process 16847 exited due to signal 6 with status 0 May 27 06:48:27 proxy1 squid[3503]: Squid Parent: (squid-1) process 16903 started May 27 06:51:25 proxy1 squid[3503]: Squid Parent: (squid-1) process 16903 exited due to signal 6 with status 0 May 27 06:51:28 proxy1 squid[3503]: Squid Parent: (squid-1) process 16963 started May 27 06:54:25 proxy1 squid[3503]: Squid Parent: (squid-1) process 16963 exited due to signal 6 with status 0 May 27 06:54:28 proxy1 squid[3503]: Squid Parent: (squid-1) process 17019 started The Cache log is saying this and restarting the child every time. 2014/05/27 06:36:21 kid1| assertion failed: store.cc:915: "store_status == STORE_PENDING" 2014/05/27 06:39:21 kid1| assertion failed: store.cc:915: "store_status == STORE_PENDING" 2014/05/27 06:42:22 kid1| assertion failed: store.cc:915: "store_status == STORE_PENDING" 2014/05/27 06:45:23 kid1| assertion failed: store.cc:915: "store_status == STORE_PENDING" 2014/05/27 06:48:23 kid1| assertion failed: store.cc:915: "store_status == STORE_PENDING" 2014/05/27 06:51:24 kid1| assertion failed: store.cc:915: "store_status == STORE_PENDING" 2014/05/27 06:54:24 kid1| assertion failed: store.cc:915: "store_status == STORE_PENDING" Again from access log not been able to point out who could be the culprit of that and further what query made him possible for exploiting this vulnerability of the latest version of squid 3.4.5. Any inside expert opinion to filter such exploiting request. BR Farooq -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Tuesday, May 27, 2014 10:55 AM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: store.cc crashing the squid child On 27/05/2014 4:32 p.m., Farooq Bhatti wrote: > Hi There, > > Pardon me for long email. Actually I faced a DOS attack in a > university setup and want to get help to avoid it in future. I am > using squid following version > > squid -v > Squid Cache: Version 3.4.3 Could be this: http://www.squid-cache.org/Advisories/SQUID-2014_1.txt Please upgrade to the latest Squid version. Today that is 3.4.5. Amos --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com