Massive IE4 "attack" causes Squid "Pool for Request Structures" to go sky high

From: Armistead, Jason <ARMISTEJ@dont-contact.us>
Date: Wed, 11 Mar 1998 02:43:00 -0500

Hi

We just experienced a strange "attack" on our proxy by a single PC
running IE4.01

I have the Proxy Auth patch on Squid 1.1.11 on Solaris 2.5.1 with 1GB
cache size and 256MB RAM.

They were accessing the Telstra Big Pond site
(http://www.bigpond.com.au/), and had left it to view another page. No
trace of Big Pond left on the screen anywhere.

The Big Pond web site has a News Ticker on it, and the IE4 client went
berserk requesting the following URL (as taken from the logs)

889594175.522 2 153.14.6.65 ERR_PROXY_DENIED/407 1251 GET http://www.bigpond.com/Home/Misc/NewsTicker/data.asp - NONE/- -
889594175.557 2 153.14.6.65 ERR_PROXY_DENIED/407 1251 GET http://www.bigpond.com/Home/Misc/NewsTicker/data.asp - NONE/- -
889594175.580 2 153.14.6.65 ERR_PROXY_DENIED/407 1251 GET http://www.bigpond.com/Home/Misc/NewsTicker/data.asp - NONE/- -
889594175.603 5 153.14.6.65 ERR_PROXY_DENIED/407 1251 GET http://www.bigpond.com/Home/Misc/NewsTicker/data.asp - NONE/- -

This repeated over and over and over again. Literally dozens of
requests per second for 20 minutes or more (total for 17 minutes uptime
after I killed and restarted Squid in anger was 33000 requests, or about
32 requests per second). Clearly the browser didn't have the right proxy
credentials for username/password, and kept on trying to get the page
(even though the user wasn't requesting it any more). I thought maybe
it was some sort of "active channel" problem ? Any ideas welcome....

swapon -s shows (under quiescent conditions)

total: 42312k bytes allocated + 8208k reserved = 50520k used, 588144k available

During the peak of the problems, we were down to 10M swap space or less.
The size of Squid ballooned to 160MB or more (I could have sworn we had
190MB plus for a while - I stopped and restarted it heaps of times).

The cache.log file complained:

FATAL: xmalloc: Unable to allocate 4536 bytes!

Which, on checking the cachemgr.cgi output for "Cache Information",
matches the "Pool for Request Structure" size.

During the peak "attack" period, this pool had over 33000 items, each of
4536 bytes, using over 146MB of memory. Remember this is separate from
the "Pool for in-memory objects", which was only 288KB !!!

At normal usage levels, the "Pool for Request Structure" count
is only very low, generally less than 30.

So, why did it keep on growing and growing under heavy load ? What
"prunes" this back to normal size again ? Are there any later version
patches that fix this problem ? In which module do I even start to look
?

Anyone else experience this sort of problem with IE4.01 ?

HELP ...... HELP ....... HELP ...... HELP......

Regards

A somewhat confused Jason..... waiting for the next attack of IE4 on my
proxy.....
Received on Tue Mar 10 1998 - 23:51:44 MST
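
Added example, not part of the original post and not Squid code: a Python check for the pattern in the log excerpt above, where one client is answered with 407 for the same URL many times per second. The function names, the 1-second window and the threshold of 10 are assumptions, and the sample log is constructed in the format of the excerpt.

```python
from collections import defaultdict, deque

URL = "http://www.bigpond.com/Home/Misc/NewsTicker/data.asp"

def parse_line(line):
    """Parse a Squid native access.log line -> (ts, client, status, method, url)."""
    f = line.split()
    if len(f) < 7 or "/" not in f[3]:
        return None
    try:
        return float(f[0]), f[2], int(f[3].rsplit("/", 1)[1]), f[5], f[6]
    except ValueError:
        return None

def find_auth_loops(lines, window=1.0, threshold=10):
    """Map (client, url) -> peak count of 407 replies inside any `window` seconds,
    for pairs whose peak reaches `threshold`. Lines must be in time order."""
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, status, _method, url = rec
        key = (client, url)
        if status != 407:
            recent.pop(key, None)   # any non-407 reply ends the run of denials
            continue
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: 40 denied requests 25 ms apart, plus one normal client."""
    loop = [f"{889594175.522 + i * 0.025:.3f} 2 153.14.6.65 ERR_PROXY_DENIED/407 "
            f"1251 GET {URL} - NONE/- -" for i in range(40)]
    normal = [
        "889594175.600 3 192.0.2.10 ERR_PROXY_DENIED/407 1251 GET http://example.com/ - NONE/- -",
        "889594175.900 210 192.0.2.10 TCP_MISS/200 4312 GET http://example.com/ jsmith DIRECT/example.com text/html",
    ]
    return loop + normal

if __name__ == "__main__":
    for (client, url), peak in find_auth_loops(sample_log()).items():
        print(f"{client} looped on {url}: {peak} x 407 within 1 s")
```

A single 407 followed by a successful retry, which is what a correctly configured browser produces, stays below the threshold and is not reported.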
