Re: [squid-users] TCP Flooding attack and DNS Poisoning attack

From: Eliezer Croitoru <eliezer_at_ec.hadorhabaac.com>
Date: Mon, 11 Apr 2011 22:34:02 +0300

On 11/04/2011 20:53, squid_at_sourcesystemsonline.com wrote:

> Good day,
> Sometimes when I check my ESET Antivirus log file, it shows that some
> activities of clients in my network are attacking my network, especially
> the squid port (3128), with TCP Flooding or DNS Poisoning. I checked the
> internet for their meaning and found out that they are not good activities
> on any network.

What?
It's nice to know that you do have TCP flooding.. or whatever..
But the problem is that the AV is not providing any details on how it is
reaching this conclusion.
I would start with a simple Wireshark capture on the specific machine that
you are getting the warnings on, in case you do have some problems in your
network setup.
By the way, proxy traffic can indeed, in a way, be misunderstood as a TCP
flood and a DNS spoofer.

> Is there any configuration option(s) in squid that I can use to drop/block
> such TCP Flooding and DNS Poisoning traffic?
> Any suggestion?

Squid is a server.. it won't react unless it is requested to do things.
This is from my experience, so unless you have a bad Squid setup that can
lead to an open relay proxy..
I can't really think of something.
If I don't know or understand something, I would like to hear about it.

Eliezer

> Regards,
> Yomi.
Received on Mon Apr 11 2011 - 19:34:10 MDT
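
A way to check a capture for the difference the reply points at, ordinary proxy traffic versus a real flood on port 3128. This is an added example, not part of the original thread or of Squid: it reads `tcpdump -nn -tt` text output and compares, per client, how many connections were opened to the proxy port with how many went on to send a request. The addresses, the sample capture and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# IPv4 TCP lines as printed by `tcpdump -nn -tt` (text output).
LINE = re.compile(
    r"^\d+\.\d+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\].*?length (?P<len>\d+)"
)

def summarize(lines, proxy_port=3128):
    """Per client IP: connections opened (SYN) and how many of them carried data."""
    syn, data = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m or int(m["dport"]) != proxy_port:
            continue  # not a client-to-proxy packet
        flow = (m["sport"], m["dst"])
        if m["flags"] == "S":          # bare SYN: a new connection attempt
            syn[m["src"]].add(flow)
        elif int(m["len"]) > 0:        # payload: the client actually sent a request
            data[m["src"]].add(flow)
    return {src: {"syn": len(f), "with_request": len(f & data[src])}
            for src, f in syn.items()}

def classify(stats, min_syn=20, min_ratio=0.5):
    """Thresholds are illustrative assumptions; tune them to the capture length."""
    if stats["syn"] < min_syn:
        return "low volume"
    if stats["with_request"] / stats["syn"] >= min_ratio:
        return "normal proxy use"
    return "flood-like"

def sample_capture():
    """Constructed capture text: one ordinary proxy client, one SYN-only source."""
    out, t = [], 1302550000.0
    for i in range(30):
        a = f"192.168.1.10.{40000 + i} > 192.168.1.1.3128:"
        out += [f"{t:.6f} IP {a} Flags [S], seq 1, win 65535, length 0",
                f"{t + 0.001:.6f} IP {a} Flags [.], ack 1, win 65535, length 0",
                f"{t + 0.002:.6f} IP {a} Flags [P.], seq 1:121, ack 1, win 65535, length 120"]
        b = f"192.168.1.66.{50000 + i} > 192.168.1.1.3128:"
        out.append(f"{t:.6f} IP {b} Flags [S], seq 1, win 65535, length 0")
        t += 0.05
    return out

if __name__ == "__main__":
    for src, st in sorted(summarize(sample_capture()).items()):
        print(src, st, classify(st))
```

A browser behind a proxy opens many short connections to one address and port, which is the pattern an endpoint AV can report as a flood; the request count per connection is what separates the two cases.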
