RE: [squid-users] Squid under attack (opaserv)

From: Niti Lohwithee <nitil@dont-contact.us>
Date: Tue, 7 Jan 2003 13:14:44 +0700

Dear Henrik,

Thank you for your answers. But I can block the virus at the router.
I have a long list of access-lists in the router. There are many people
infected with the virus. I cannot control them.

I have a long-term solution using IDS in mid-year. But for now, I would like
to use a short-term solution by tuning the Linux kernel to protect it.

I don't know whether that is possible.

Regards and thank you
Niti :)

 

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Tuesday, January 07, 2003 12:29 PM
To: Niti Lohwithee
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid under attack (opaserv)

Recommendation:

Use firewalling to block the offending clients from reaching Squid until
they have been fixed.

Most OSes, including RedHat 6.2, have built-in features for firewalling.
RedHat 6.2 uses Linux-2.2 and there the firewalling mechanism is
ipchains.

To block an offending PC from accessing your Squid server:

  ipchains -A input -s ip.of.infected.pc -j DENY

To unblock it again when fixed:

  ipchains -D input -s ip.of.infected.pc -j DENY

Regards
Henrik

Niti Lohwithee wrote:
>
> Dear all,
>
> I'm facing a problem. My box is Redhat 6.2 and squid Version
> 2.3.STABLE3. Now it is attacked from opaserv. The average cpu is about
> 80-95 %. Sometimes the log file is over 2 GB. I try to solve this
> problem by enabling echo 1 > /proc/sys/net/ipv4/tcp_syncookies but
> it does not work.
>
> Please someone advise what to do
>
> Regards and thank you
> Niti : )
Received on Mon Jan 06 2003 - 23:14:00 MST
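
Added example, not part of the original thread: one way to turn a large Squid access.log into the per-client ipchains DENY rules recommended above. It assumes Squid's native log format (client address in the third field); the function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Print (do not execute) ipchains DENY rules for clients whose request
# count in a Squid native-format access.log meets a threshold, so the
# list can be reviewed before any rule is applied.

# gen_deny_rules THRESHOLD   (reads access.log lines on stdin)
gen_deny_rules() {
    awk -v limit="$1" '
        # Count only well-formed dotted-quad client fields, so a malformed
        # log line can never end up inside a generated firewall command.
        $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$3]++ }
        END {
            for (ip in hits)
                if (hits[ip] >= limit)
                    printf "ipchains -A input -s %s -j DENY\n", ip
        }' | sort
}

# Constructed sample log using documentation addresses, not real traffic.
sample_log() {
    cat <<'EOF'
1041920000.101     12 192.0.2.10 TCP_MISS/200 1024 GET http://example.com/a - DIRECT/198.51.100.1 text/html
1041920000.202      9 192.0.2.10 TCP_MISS/200 1024 GET http://example.com/b - DIRECT/198.51.100.1 text/html
1041920000.303      7 192.0.2.10 TCP_DENIED/403 512 GET http://example.com/c - NONE/- -
1041920000.404      8 192.0.2.10 TCP_MISS/200 1024 GET http://example.com/d - DIRECT/198.51.100.1 text/html
1041920001.101     11 192.0.2.20 TCP_MISS/200 2048 GET http://example.com/a - DIRECT/198.51.100.1 text/html
1041920001.202     10 192.0.2.20 TCP_MISS/200 2048 GET http://example.com/b - DIRECT/198.51.100.1 text/html
1041920001.303     13 192.0.2.20 TCP_MISS/200 2048 GET http://example.com/c - DIRECT/198.51.100.1 text/html
1041920002.101     15 192.0.2.30 TCP_HIT/200 4096 GET http://example.com/a - NONE/- text/html
1041920003.101      5 bad;field TCP_MISS/200 100 GET http://example.com/x - NONE/- -
EOF
}

# Demo run: clients with 3 or more requests in the sample log.
sample_log | gen_deny_rules 3
```

Against a real log, feed the file on stdin (for example `gen_deny_rules 1000 < access.log`) and check each listed address before applying its rule.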
