[squid-users] Re: my squid box spoofed !!

From: Alex <o_Again2004@dont-contact.us>
Date: Mon, 16 May 2005 11:01:24 +0300

Dear Chris,

Only the IP addresses configured in the access list are allowed to browse to
the internet through my proxy server, meaning I just tried to browse through
my proxy server while using a different IP address than the IP addresses
configured in my ACL, and I was denied.

Is there anything else that can cause this issue?! Do you want me to show you
my ACL?

Regards,
Alex

On Mon, May 16, 2005 at 10:42:31AM +0300, Alex wrote:
> Dear All,
>
> i have a problem with my squid proxy.. suddenly its performance decrease
> and i never get the speed i expect from my squid box, and when i tail to
> access.log i find a weird line of information there,, please find it below :
>
> 1115668842.640 14680 61.224.206.211 TCP_MISS/200 824 CONNECT
> 205.188.156.185:25 - DIRECT/205.188.156.185 -
>

Your squid box is an open relay for the entire world to use, and everyone
is more than likely accessing the internet through it, sending thousands
of spam emails, and what not.

I would suggest that you have an immediate look at your ACLs and tie them
down.

--
Chris.
----- Original Message ----- 
From: "Alex" <o_Again2004@yahoo.com>
To: <squid-users@squid-cache.org>
Sent: Monday, May 16, 2005 10:42 AM
Subject: my squid box spoofed !!
> Dear All,
>
> i have a problem with my squid proxy.. suddenly its performance decrease 
> and i never get the speed i expect from my squid box, and when i tail to 
> access.log i find a weird line of information there,, please find it below 
> :
>
> 1115668842.640  14680 61.224.206.211 TCP_MISS/200 824 CONNECT 
> 205.188.156.185:25 - DIRECT/205.188.156.185 -
>
> i found thousands of lines similar to this one, even, i dont know the
> source ip address, destination or even the direct destination !! the 3 ip
> addresses don't belong to my network at all and all are blocked from the
> squid.conf file, plus why the destination is trying to make connection on
> port 25 !!! ? such port is also blocked with the Safe_ports rule !
> port 25 is not allowed on my linux box , so how this ip can hack into my
> squid box and through my squid can open a session to port 25 on the
> destination ? and how i can block this from happening ?! its killing my
> squid box performance
>
> Best Regards , 
Received on Mon May 16 2005 - 02:01:35 MDT
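
Added example, not part of the original thread: a small Python check that scans Squid's native-format access.log for CONNECT tunnels the proxy actually served to a port other than the expected SSL ports, or to a client outside the local network, which is the pattern in the log line quoted above. The local network range, the allowed port set and every sample line except the first are assumptions constructed for the example.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the thread): local client range and CONNECT port list.
LOCAL_NETS = [ipaddress.ip_network("192.168.0.0/24")]
CONNECT_PORTS = {443, 563}

# Constructed sample in Squid's native access.log format; the first line is
# the entry quoted in the thread, the other three are made up for the example.
SAMPLE_LOG = """\
1115668842.640 14680 61.224.206.211 TCP_MISS/200 824 CONNECT 205.188.156.185:25 - DIRECT/205.188.156.185 -
1115668843.102 210 192.168.0.15 TCP_MISS/200 5120 CONNECT mail.example.com:443 - DIRECT/192.0.2.10 -
1115668844.377 1 198.51.100.7 TCP_DENIED/403 1402 CONNECT 203.0.113.9:25 - NONE/- text/html
1115668845.900 95 192.168.0.22 TCP_HIT/200 3300 GET http://www.example.com/ - NONE/- text/html
"""

def parse_line(line):
    """Split one native-format line into the fields used below, or None."""
    f = line.split()
    if len(f) < 10:
        return None
    return {"client": f[2], "status": f[3].split("/")[0], "method": f[5], "url": f[6]}

def is_local(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:  # e.g. a hostname when FQDN logging is enabled
        return False
    return any(addr in net for net in LOCAL_NETS)

def find_relay_abuse(log_text):
    """Return (findings, per-client counts) for served CONNECTs that look like relaying."""
    findings, per_client = [], Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "CONNECT":
            continue
        if rec["status"].startswith("TCP_DENIED"):
            continue  # Squid refused it: the ACLs worked for this request
        _, _, port = rec["url"].rpartition(":")
        reasons = []
        if not port.isdigit() or int(port) not in CONNECT_PORTS:
            reasons.append("port %s not allowed for CONNECT" % port)
        if not is_local(rec["client"]):
            reasons.append("client outside local networks")
        if reasons:
            findings.append((rec["client"], rec["url"], reasons))
            per_client[rec["client"]] += 1
    return findings, per_client
```

Any finding means an `http_access` rule let the request through, so the per-client counts show which sources to look for when reviewing the ACL order in squid.conf.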