Re: [squid-users] Opasoft virus problem

From: Kwan Chee Kin <cheekin.kwan@dont-contact.us>
Date: Tue, 28 Jan 2003 11:38:31 +0800

Hi,
        Yup, did that during the initial stage in tackling the problem. It
worked great by solving the problem without shutting down the proxy. But am
just afraid that there will be other machines that are infected and the
virus is not doins its job yet. More worst is that my network uses DHCP for
some of the clients.

        Thank you.

Best regards,
Kwan Chee Kin

----- Original Message -----
From: "Sumanth NS" <sumanth@eis.iisc.ernet.in>
To: "Kwan Chee Kin" <cheekin.kwan@extol.com.my>
Cc: <squid-users@squid-cache.org>
Sent: Tuesday, January 28, 2003 11:08 AM
Subject: Re: [squid-users] Opasoft virus problem

> Hi,
>
> You can try blocking this machine by using iptables
> on your proxy machine.
>
> Care.
> Sumanth
>
>
> On Tue, 28 Jan 2003, Kwan Chee Kin wrote:
>
> # Hi,
> # I hope i'm mailing to the correct mailing list.
> #
> # Lately my network was attacked by the Opaserv virus. This virus
has
> # the ability to grab the configuration from the Netscape browser and
makes a
> # http request for www.opasoft.com (a bogus URL)going through the Web
Proxy,
> # in which is the Squid Web Proxy. The infected host will try to make at
least
> # 100 hits/minute to the bogus URL through the Squid. This affect the
squid
> # logs - access.log and store.log. It grew to a few Gigs within hours.
> #
> # The Squid was dropped to its knees and lie dead since there was
no
> # more diskspace in the machine. I was able to clean up the machine by
> # removing the huge log files and creating new log files and proceed on to
> # remove the pcs that were infected by the virus.
> #
> # My question will be is there any solution to this type of
problem
> # where the squid will just drop requests that have more than 30 hits to a
> # bogus or unreachable URL and not log into the logs?
> #
> # Or is there any third-party solution like a plug-in that will
solve
> # this problem?
> #
> # Any suggestion appreciated. Thank you.
> #
> # Best regards,
> # Kwan Chee Kin
> #
> #
> #
> #
> #
>
>
>
Received on Mon Jan 27 2003 - 20:34:16 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:53 MST