Re: [squid-users] TCP_MISS/200 in logfile!

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 10 Sep 2003 12:14:32 +0200

On Wednesday 10 September 2003 11.18, Nauman Malik wrote:
> I have lots of TCP_MISS/504 in log files. It slows down my proxy as
> well. Any idea?.
>
>
> 1063160536.044 509082 202.15.52.45 TCP_MISS/504 1021 GET
> http://202.100.131.202/ - NONE/- - 1063160536.044 509617
> 202.15.52.45 TCP_MISS/504 1021 GET http://202.100.132.189/ - NONE/-
> - 1063160537.027 509295 202.15.52.45 TCP_MISS/504 1019 GET
> http://202.100.132.28/ - NONE/- - 1063160537.027 509535
> 202.15.52.45 TCP_MISS/504 1019 GET http://202.100.132.30/ - NONE/-
> - 1063160537.027 509325 202.15.52.45 TCP_MISS/504 1021 GET
> http://202.100.131.200/ - NONE/- - 1063160537.027 419656
> 202.15.52.45 TCP_MISS/504 1021 GET http://202.100.160.153/ - NONE/-
> - 1063160539.014 509486 202.15.52.45 TCP_MISS/504 1021 GET
> http://202.100.132.238/ - NONE/- - 1063160539.014 509342
> 202.15.52.45 TCP_MISS/504 1021 GET http://202.100.133.206/ - NONE/-
> -

Most likely the client with IP 202.15.52.45 is infected by a
virus/worm trying to propagate itself to random IIS servers on the
net or otherwise scanning the network for HTTP servers via your
proxy.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Wed Sep 10 2003 - 04:14:47 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:37 MST