I'm running Squid 2.5 Stable1 on Red Hat Linux 9.0, kernel 2.4.20-18.
Our cache is running fine until we use a vulnerability scanner (Nessus).
Nessus has many vulnerability scans, but one set of the scans checks for
httpd vulnerabilities. When we start the scan of another network, the
router (via WCCP) intercepts the http requests and forwards them to the
squid box. Eventually (somewhere between 1 minute and 30 minutes), the
squid box stops forwarding back out requests and the clients don't get
their web requests fulfilled and then the screaming starts ;-)

A couple of notes:
o We are not scanning the squid box directly. We are scanning machines
elsewhere on the network and the http requests (that are part of
some of the vulnerability scans) get redirected to the web cache.
o Thinking that the squid box would lock up because of something in
the scans themselves, we scanned the squid box directly and it
kept humming along just fine.
o We use WCCP version 1 off a Cisco 6500 running 12.1.13. We do not
configure the clients to use a proxy.
o It all works fine until the scans start and it seems to ride them
out for a little while. We can easily (unfortunately) recreate
the problem.
o The box is not overwhelmed - the nessus scanner only sends out an
http request as part of its scan every second or so.
o No errors are reported in the squid logs that I can find that
would indicate a problem.
o WCCP continues to work because the router thinks it has a good cache
engine and sends it requests, but the squid box just "eats" them.
o We have temporarily solved this by putting an access list on the router
telling the router not to redirect http packets from the nessus
machines to the squid cache. However, this is not a feasible long
term solution as others on our campus of 25,000 may do a nessus scan
from somewhere and then our cache engine will die.

Has anyone else witnessed this problem? I have searched the archives for
related issues and found none :-(
Thank you
--Greg Redder
Network Analyst
Colorado State University
===============================================================================
Greg Redder Academic Computing & Networking Services
Colorado State University, ACNS Phone:(970)491-7222 FAX: (970)491-1958
601 S. Howes, Room 625 E-mail: redder@yuma.colostate.edu
Fort Collins, CO 80523 PGP Fprint:299F83B58A72BE7428E064E801749C69FFA537C6
===============================================================================
Received on Mon Jun 09 2003 - 11:26:33 MDT