Thx for the reply. In this scenario how I blocked those requests on my Proxy which are carrying that doom virus. i.e how I trace them.
Thx Regards, Danish Khan -----Original Message----- From: Hwee Khoon, Neo [mailto:[EMAIL PROTECTED] Sent: Monday, February 16, 2004 1:04 PM To: [EMAIL PROTECTED]; 'Duane Wessels' Cc: [EMAIL PROTECTED] Subject: Re: [squid-users] is it a DOS attack ?? try and access www.microsoft.com from your squid server, if you ca'nt get thru, it means microsoft has blocked you out. if you are getting alot of request to www.microsoft.com without any user-agent header and request object, some machines using your proxy could have been infected with mydoom.c virus and tries to flood the website with requests try and blocked these request out by denying request that does not have any user-agent header inside squid.conf rgds hk ----- Original Message ----- From: "Danish Khan" <[EMAIL PROTECTED]> To: "'Duane Wessels'" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Sunday, February 15, 2004 12:35 PM Subject: RE: [squid-users] is it a DOS attack ?? > Yea I can saw the forwarding loop thing in cache.log.. but plz tell me in > detail that how I overcome that. > > Regards > > Danish Khan > > -----Original Message----- > From: Duane Wessels [mailto:[EMAIL PROTECTED] > Sent: Sunday, February 15, 2004 5:51 AM > To: Danish Khan > Cc: [EMAIL PROTECTED] > Subject: RE: [squid-users] is it a DOS attack ?? > > > > > On Sat, 14 Feb 2004, Danish Khan wrote: > > > I have configured my box with 8192 FD but still I got warnings of FD's and > > tooo many comm.(23) Port error WHY plz update :( > > > > Danish > > > > -----Original Message----- > > From: Mahmood Ahmed [mailto:[EMAIL PROTECTED] > > Sent: Saturday, February 14, 2004 10:24 PM > > To: [EMAIL PROTECTED] > > Subject: [squid-users] is it a DOS attack ?? > > > > Hello List! > > > > I have been facing this strange problem for last 3 days. I hope some one > > here will be able to shed light on it. I dont know wheather its a bug or a > > virus or a DOS attack but it is hitting my squid box very hard. in my > access > > > > log i am seeing a lot of these. > > > > 1076806934.151 451 202.133.44.214 TCP_MISS/000 0 GET > > http://www.microsoft.com/ - NONE/- - > > 1076806934.163 461 202.133.44.214 TCP_MISS/000 0 GET > > This looks to me like a forwarding loop. > > Are you using HTTP interception? > > Duane W. >
