On Fri, Jul 20, 2001 at 01:02:11PM +1200, Thomas Salmen wrote:
> Another one hit by the Code Red storm, huh...
>
> Putting them in an acl didn't seem to make a huge difference for us
> either - our Squids were still needing to process the connections, and
> getting so many of them that legitimate traffic was slowing right down.
> We ended up using ipchains to deny all requests from affected customers.
> But we only had 8 or so - you guys might have a few more...
We've found most affected machines to be sending a few hundred requests
out. However one or two have been much worse: one doing 1.4 million,
another seriously slowing everything with 46 million requests Sunday/Monday
(ouch!). This required blocks at the network hardware level to take the
load off squid...
-- --------------- Robin Stevens <robin.stevens@oucs.ox.ac.uk> ----------------- Oxford University Computing Services ----------- Web: http://www.cynic.org.uk/ ------- (+44)(0)1865: 273212 (work) 273275 (fax) Mobile: 07776 235326 -------Received on Fri Jul 20 2001 - 09:07:49 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:17 MST