[squid-users] is it a DOS attack ??

From: Mahmood Ahmed <braveheart@dont-contact.us>
Date: Sat, 14 Feb 2004 22:23:40 +0500

Hello List!

I have been facing this strange problem for last 3 days. I hope some one
here will be able to shed light on it. I dont know wheather its a bug or a
virus or a DOS attack but it is hitting my squid box very hard. in my access
log i am seeing a lot of these.

1076806934.151 451 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.163 461 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.170 419 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.173 403 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.182 391 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.184 361 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.191 314 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.236 318 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.282 365 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.285 350 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.325 372 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.454 134 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.784 383 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.862 418 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806934.892 334 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806935.048 381 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806935.048 380 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806935.048 374 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806935.055 337 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806935.101 358 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806935.178 412 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806935.353 530 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806935.362 539 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806935.439 585 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806935.563 694 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806935.641 751 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806935.710 784 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806935.730 802 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806935.730 775 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806935.747 786 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806935.789 781 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806935.811 802 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806935.845 746 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806935.854 685 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806935.868 698 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806936.169 653 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806936.169 612 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806936.169 610 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806936.304 707 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806936.407 775 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806937.343 1171 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806937.663 1322 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806937.815 1289 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806937.873 1266 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806937.923 1083 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806938.002 1473 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - NONE/- -
1076806938.080 1279 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806938.090 1178 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -
1076806938.125 725 202.133.44.214 TCP_MISS/000 0 GET
http://www.microsoft.com/ - DIRECT/www.microsoft.com -

This thing tie up all the 2048 file descriptors and in my cache log i get
warnings and at the same time my clients start to complain about the
performance.

WARNING! Your cache is running out of filedescriptors

So can any one help

Regards
Mahmood Ahmed
Senior Network Engineer
Buraak Telecommunications

---------------------------------------------------------
This mail has been sent using Buraak Net's Mailing System
(http://www.buraak.net.pk)
Received on Sat Feb 14 2004 - 10:30:11 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST