[squid-users] R: Squid 100% CPU and possible attack

Eliezer Croitoru eliezer at ngtech.co.il
Mon Oct 26 13:14:46 UTC 2015


Hey Job,

There are still missing parts.
If telnet or nc results with this it usually means bad setup(considering 
the information).
You will need to describe in more detail your setup with subnets+routers 
and iptables rules on the CentOS machine.
What do you do in the telnetting? just running "telnet ip:port" ?
If so then something is wrong on the squid box and it is probably not 
related to squid itself.
What is your squid version? "squid -v", "yum info squid"(if installed 
from RPMs).

Have you tried telnetting squid port and not the danshguardian port?
What is it resulting with?

Eliezer

On 26/10/2015 14:49, Job wrote:
> Hello Amos!
>
>> Something that would cause a machine to make lots of HTTP requests.
>> You have provided almost no information about the network, it
>> configuration, or uses etc. Having eliminated the usual problem(s) it is
>> a waste of time to guess.
>
> I have investigate better about the problem that brings up CPU and Squid process over 100%!
> We have this situation: Dansguardian on port 8080 and Squid on port 3128.
>
> The The problem appear when telnetting, from LAN, to:
> <ip_firewall_proxy>:8080
>
> Squid process raise up, in few seconds, to 100% and nobody can surf..
>
> I disabled NAT, to make sure it was not a loop of iptables-transparent proxying redirection.
>
> Have you good some suggestions for us?
>
> Thank you again!
> Francesco
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>



More information about the squid-users mailing list