Re: forwarding loops

From: Steve Judge <sjudge@dont-contact.us>
Date: Tue, 06 Oct 1998 21:47:02 +1000

At 11:33 06-10-98 +0100, you wrote:
We had exactly the same thing under Squid 1.2.beta23 last friday.
except when it happened it grabbed our whole link for one hour until i
trashed everything, including taking our 512K link out and shutting the
proxy down to stop it !
All the packets inbound and outbound were on port 80 directed at our proxy
servers ip address, we're running transparent proxying as well.
When i checked through ip accounting on our cisco they were coming from a
terminal server in the states at:
208.228.228.241 termserv-sc.nai.com
with exactly the same in the log file as you had except it was a porn
banner .gif file it was forwarding.

I haven't seen this since we upgraded to 2.00 last saturday though.

BTW: This list is also been mirrored by DEJA-NEWS, I thought it was secure
from that and only for people subscribed to the list, i posted a message
that had some ips that could have been sensitive in here a couple of weeks
ago to the list and on a search of Deja-News tonight found it in there,
perhaps thats how they are finding out how to attack people !
All mine posted now will have xxx.xxx.xxx.xxx from now on.

Steve Judge
Managing Director
Globec Internet Services Pty Ltd
http://www.globec.com.au/
Received on Tue Oct 06 1998 - 04:46:24 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:21 MST