I suspect these messages, for example, are not caused by any malware, but somehow by Skype:

2019/01/23 13:38:18 kid1| SECURITY ALERT: on URL: mobile.pipe.aria.microsoft.com:443
2019/01/23 13:38:18 kid1| SECURITY ALERT: Host header forgery detected on local=52.114.76.35:443 remote=192.168.182.10:59312 FD 31 flags=33 (local IP does not match any domain IP)
2019/01/23 13:38:18 kid1| SECURITY ALERT: on URL: mobile.pipe.aria.microsoft.com:443
2019/01/23 13:39:03 kid1| SECURITY ALERT: Host header forgery detected on local=52.114.74.44:443 remote=192.168.182.10:59378 FD 37 flags=33 (local IP does not match any domain IP)
2019/01/23 13:39:03 kid1| SECURITY ALERT: on URL: mobile.pipe.aria.microsoft.com:443

Maybe some inconsistency of cached DNS in the client and the OpenWrt device running Squid. There are some "rumours" that not all browsers correctly honor the TTL for cached DNS.

Anyway, even if malware were to trigger these messages, this opens the gate to attack resource-limited Squid installations, like mine on OpenWrt, by flooding cache.log, kept in RAM, and possibly forcing an OOM crash. A simple fix would be to disable cache.log, but I am hesitating to do so, so as not to drop more valuable messages.

--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
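
Added example, not part of the original post and not Squid's own code: a small Python parser that pairs each "Host header forgery detected" line with the "on URL" line that follows it, counts alerts per client and URL, and measures how much of cache.log the alerts take up. The sample lines are the ones quoted in the post; the function names are illustrative.

```python
import re
from collections import Counter

# Log lines copied from the post above. The excerpt starts mid-pair, so the
# first "on URL" line has no preceding detection line.
SAMPLE = """\
2019/01/23 13:38:18 kid1| SECURITY ALERT: on URL: mobile.pipe.aria.microsoft.com:443
2019/01/23 13:38:18 kid1| SECURITY ALERT: Host header forgery detected on local=52.114.76.35:443 remote=192.168.182.10:59312 FD 31 flags=33 (local IP does not match any domain IP)
2019/01/23 13:38:18 kid1| SECURITY ALERT: on URL: mobile.pipe.aria.microsoft.com:443
2019/01/23 13:39:03 kid1| SECURITY ALERT: Host header forgery detected on local=52.114.74.44:443 remote=192.168.182.10:59378 FD 37 flags=33 (local IP does not match any domain IP)
2019/01/23 13:39:03 kid1| SECURITY ALERT: on URL: mobile.pipe.aria.microsoft.com:443
"""

DETECT = re.compile(
    r"^\S+ \S+ kid\d+\| SECURITY ALERT: Host header forgery detected on "
    r"local=(?P<local>\S+) remote=(?P<remote>\S+) .*\((?P<reason>[^)]*)\)\s*$")
ON_URL = re.compile(r"^\S+ \S+ kid\d+\| SECURITY ALERT: on URL: (?P<url>\S+)\s*$")

def summarize(lines):
    """Count alerts per (client IP, URL); also collect the destination IPs
    the client used. Returns (counts, dst_ips, orphans)."""
    counts, dst_ips, orphans, pending = Counter(), {}, 0, None
    for line in lines:
        m = DETECT.match(line)
        if m:
            pending = m              # wait for the matching "on URL" line
            continue
        m = ON_URL.match(line)
        if not m:
            continue                 # unrelated cache.log line
        if pending is None:
            orphans += 1             # "on URL" without a detection line
            continue
        key = (pending["remote"].rsplit(":", 1)[0], m["url"])
        counts[key] += 1
        dst_ips.setdefault(key, set()).add(pending["local"].rsplit(":", 1)[0])
        pending = None
    return counts, dst_ips, orphans

def alert_bytes(lines):
    """Bytes of log text (including newlines) taken by SECURITY ALERT lines."""
    return sum(len(l.encode()) + 1 for l in lines if "SECURITY ALERT:" in l)

if __name__ == "__main__":
    counts, dst_ips, orphans = summarize(SAMPLE.splitlines())
    for (client, url), n in counts.most_common():
        print(f"{client} -> {url}: {n} alerts via {sorted(dst_ips[(client, url)])}")
    print(f"unpaired lines: {orphans}, bytes: {alert_bytes(SAMPLE.splitlines())}")
```

Run against a full cache.log, the per-client counts show whether the volume comes from one application on one host or from many clients.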