It's regarding active fingerprinting and mitigating attacks, not just it's passive use. (Sorry for the dbl send)
On Oct 30, 2017 21:41, "Alex Rousskov" <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 10/30/2017 12:15 PM, Andrei wrote:
> You do realize that there's nothing "weird" about p0f, right?
Right. I do not know why you had to ask though: There is nothing related
to p0f (i.e., a passive traffic analysis tool) in my response. And the
original question is probably unrelated to p0f as well since active
connection resets are incompatible with the idea of passive analysis.
Alex.
> On Mon, Oct 30, 2017 at 11:22 AM, Alex Rousskov wrote:
>
> On 10/30/2017 03:51 AM, Troiano Alessio wrote:
>
> > I've squid 3.5.20 running on RHEL 7.4. I have a problem to access
> > some websites, for example www.nato.int <http://www.nato.int>. This website apply an
> > Anti-DDoS system that reset the first connection after the TCP 3-way
> > handshake (SYN/SYN-ACK/ACK/RST-ACK). All subsequent TCP connections
> > are accepted. The website administrator say's it is by design.
>
>
> > When I browse the site with squid proxy the browser receive an "Empty
> > Response" squid error page (HTTP error code 502 Bad Gateway) and
> > doesn't do the automatic retry:
>
> This is by design as well :-).
>
> We can change Squid behavior to retry connection resets, but I am sure
> that some folks will not like the new behavior because in _their_ use
> cases a retry is wasteful and/or painful. IMHO, the new behavior should
> be controlled by a configuration directive, possibly an ACL-driven one.
>
> Quality patches implementing the above feature should be welcomed IMO.
> The tip of the relevant code is probably in ERR_ZERO_SIZE_OBJECT
> handling inside FwdState::fail(). There is a similar code that handles
> persistent connection races there already, but the zero-size reply code
> may need a new dedicated FwdState flag to prevent infinite retry loops
> when the origin server is broken (a much more typical use case than the
> weird attempt at DDoS mitigation that you have described above).
>
> https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_ add_a_new_Squid_feature.2C_ enhance.2C_of_fix_something.3F
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users