# Hi all,
#
# We're experiencing a very strange problem with our Squid 2.2Stable4:
#
# Encountered over one day, we've seen about 400 users (out of
# 6000) browsing
# the internet from their normal IP-addresses, but once in a
# while a strange
# IP-address shows up (in stead of their own IP-address). That strange
# IP-address is out of our own IP-range and somewhere on the internet.
#
# The ip-address isn't traceable or routeable from the internal
# network, so it
# isn't a anonymous proxy.
#
# Right after the request from the strange IP-address, the same
# request is
# logged in access.log with the correct IP-address.
#
# Any one seen this kind of behaviour? We're suspecting some
# kind of spyware,
# but maybe it's just a glitch in Squid.
#
I've discovered some additional info:
After examining logfiles from several days, it seems that these entries
somehow are related to the same sites (a lot of them). I can replicate the
problem by surfing there myself.
One theory could be the (default) ability of Internet Explorer 5.5 to use
HTTP/1.1. The default setting is to use this protocol, but not through
proxies. Does this somehow relate to the problem?
Our squid-conf has "forwarded-for" set to off.
Someone any thoughts on this?
Kind regards,
Peter
Disclaimer
1. This e-mail is for the intended recipient only. If you have received it
by mistake please let us know by reply and then delete it from your system;
access, disclosure, copying, distribution or reliance on any of it by anyone
else is prohibited.
2. If you as intended recipient have received this e-mail incorrectly,
please notify the sender (via e-mail) immediately. This e-mail is
confidential and may be legally privileged. DSM does not guarantee that the
information sent and/or received by or with this e-mail is correct and does
not accept any liability for damages related thereto.
Received on Thu Mar 07 2002 - 01:40:43 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:46 MST