[squid-users] Flooding squid from Michał Margula on 2006-04-10 (squid-users)

From: Michał Margula <alchemyx@dont-contact.us>
Date: Mon, 10 Apr 2006 15:08:34 +0200

Hello!

I have some trouble with new kind of flood targeted at proxy server.
One hosts creates thousands of new connections. Is there a way to
protect against that at squid level? I would like to avoid doing it with
netfilter, because it is hard to guess acceptable limit of connections
(browsers tend to open many of them when viewing one page with many
pictures, flash, java applets and so on).

It is snippet from access.log.

1144674534.008 99296 A.B.C.D TCP_MISS/000 0 GET http://A.B.223.254/ -
NONE/- -
1144674534.008 99220 A.B.C.D TCP_MISS/000 0 GET http://A.B.195.224/ -
NONE/- -
1144674534.008 99220 A.B.C.D TCP_MISS/000 0 GET http://A.B.209.226/ -
NONE/- -
1144674535.013 99967 A.B.C.D TCP_MISS/000 0 GET http://A.B.200.227/ -
NONE/- -
1144674535.013 99967 A.B.C.D TCP_MISS/000 0 GET http://A.B.160.207/ -
NONE/- -
1144674535.013 99707 A.B.C.D TCP_MISS/000 0 GET http://A.B.235.173/ -
NONE/- -
1144674535.022 99967 A.B.C.D TCP_MISS/000 0 GET http://A.B.73.181/ -
NONE/- -
1144674535.022 99967 A.B.C.D TCP_MISS/000 0 GET http://A.B.152.222/ -
NONE/- -
1144674535.022 99656 A.B.C.D TCP_MISS/000 0 GET http://A.B.92.168/ -
NONE/- -
1144674535.022 99397 A.B.C.D TCP_MISS/000 0 GET http://A.B.58.170/ -
NONE/- -
1144674535.022 99918 A.B.C.D TCP_MISS/000 0 GET http://A.B.73.28/ -
NONE/- -
1144674535.022 99723 A.B.C.D TCP_MISS/000 0 GET http://A.B.120.39/ -
NONE/- -
1144674535.022 99731 A.B.C.D TCP_MISS/000 0 GET http://A.B.148.142/ -
NONE/- -
1144674535.022 99854 A.B.C.D TCP_MISS/000 0 GET http://A.B.72.163/ -
NONE/- -
1144674535.022 99854 A.B.C.D TCP_MISS/000 0 GET http://A.B.225.239/ -
NONE/- -
1144674536.005 99964 A.B.C.D TCP_MISS/000 0 GET http://A.B.90.156/ -
NONE/- -
1144674536.005 99964 A.B.C.D TCP_MISS/000 0 GET http://A.B.17.97/ -
NONE/- -
1144674536.005 99258 A.B.C.D TCP_MISS/000 0 GET http://A.B.91.184/ -
NONE/- -
1144674536.005 99938 A.B.C.D TCP_MISS/000 0 GET http://A.B.170.209/ -
NONE/- -
1144674536.005 99042 A.B.C.D TCP_MISS/000 0 GET http://A.B.221.13/ -
NONE/- -
1144674536.005 99953 A.B.C.D TCP_MISS/000 0 GET http://A.B.147.106/ -
NONE/- -
1144674536.005 99898 A.B.C.D TCP_MISS/000 0 GET http://A.B.161.111/ -
NONE/- -
1144674536.005 99324 A.B.C.D TCP_MISS/000 0 GET http://A.B.119.65/ -
NONE/- -
1144674536.005 99325 A.B.C.D TCP_MISS/000 0 GET http://A.B.115.220/ -
NONE/- -
1144674536.005 99387 A.B.C.D TCP_MISS/000 0 GET http://A.B.164.102/ -
NONE/- -
1144674536.005 99372 A.B.C.D TCP_MISS/000 0 GET http://A.B.201.135/ -
NONE/- -
1144674536.005 99333 A.B.C.D TCP_MISS/000 0 GET http://A.B.52.233/ -
NONE/- -
1144674536.005 99362 A.B.C.D TCP_MISS/000 0 GET http://A.B.91.93/ -
NONE/- -
1144674536.005 99325 A.B.C.D TCP_MISS/000 0 GET http://A.B.122.22/ -
NONE/- -
1144674536.005 99138 A.B.C.D TCP_MISS/000 0 GET http://A.B.10.218/ -
NONE/- -

-- 
Michał Margula, alchemyx@uznam.net.pl, http://alchemyx.uznam.net.pl/
"W życiu piękne są tylko chwile" [Ryszard Riedel]

Received on Mon Apr 10 2006 - 07:08:03 MDT

This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT