Hi,
> We had exactly the same thing under Squid 1.2.beta23 last Friday.
Nice to know we're not alone!
> I haven't seen this since we upgraded to 2.00 last Saturday though.
Well - I wouldn't necessarily be comforted by that :-)
> Perhaps that's how they are finding out how to attack people!
> All mine posted now will have xxx.xxx.xxx.xxx from now on.
Whoever it was probably just set you up as a peer and may just have
hit the same bug we have ? Not necessarily malicious...
I ran squid -k debug and got some interesting output.
Here's one line. Some surrounding info is below:
(The IP address 192.x.x.x is the address of a sibling peer - inside
our firewall...)
1998/10/06 12:55:00| 2940a30: joined for id 50: unknown, 192.66.3.23, unknown,
192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23,
unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown,
192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23,
unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown,
192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23,
unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown,
192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23,
unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown,
192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23,
unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown,
192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23,
unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown,
192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23,
unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown,
192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23,
unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown,
192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown
---
1998/10/06 12:55:00| httpSendRequest: FD 133: httpState 2752408.
1998/10/06 12:55:00| init-ing hdr: efffdb18 owner: 2
1998/10/06 12:55:00| httpBuildRequestHeader: range specs: 0, cachable: 0; we_do_ranges: 0
1998/10/06 12:55:00| 2940a30: joining for id 9
1998/10/06 12:55:00| httpBuildRequestHeader: Referer: http://hotmail.com/
1998/10/06 12:55:00| created entry 2590490: 'Referer: http://hotmail.com/'
1998/10/06 12:55:00| efffdb18 adding entry: 37 at 0
1998/10/06 12:55:00| httpBuildRequestHeader: User-Agent: Mozilla/4.03 [en] (WinNT; I)
1998/10/06 12:55:00| created entry 25e0fc8: 'User-Agent: Mozilla/4.03 [en] (WinNT; I)'
1998/10/06 12:55:00| efffdb18 adding entry: 43 at 1
1998/10/06 12:55:00| httpBuildRequestHeader: Host: 207.82.250.251
1998/10/06 12:55:00| created entry 2610408: 'Host: 207.82.250.251'
1998/10/06 12:55:00| efffdb18 adding entry: 22 at 2
1998/10/06 12:55:00| httpBuildRequestHeader: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
1998/10/06 12:55:00| created entry 26085b8: 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*'
1998/10/06 12:55:00| efffdb18 adding entry: 0 at 3
1998/10/06 12:55:00| httpBuildRequestHeader: Accept-Language: en
1998/10/06 12:55:00| created entry 2419728: 'Accept-Language: en'
1998/10/06 12:55:00| efffdb18 adding entry: 3 at 4
1998/10/06 12:55:00| httpBuildRequestHeader: Accept-Charset: iso-8859-1,*,utf-8
1998/10/06 12:55:00| created entry 2435d48: 'Accept-Charset: iso-8859-1,*,utf-8'
1998/10/06 12:55:00| efffdb18 adding entry: 1 at 5
1998/10/06 12:55:00| httpBuildRequestHeader: Cookie: ID=f9caebe1ba39d670
1998/10/06 12:55:00| created entry 2381df0: 'Cookie: ID=f9caebe1ba39d670'
1998/10/06 12:55:00| efffdb18 adding entry: 53 at 6
1998/10/06 12:55:00| httpBuildRequestHeader: X-Forwarded-For: unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, .3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown
1998/10/06 12:55:00| httpBuildRequestHeader: Cache-Control: max-age=2592000
1998/10/06 12:55:00| httpBuildRequestHeader: Proxy-Connection: keep-alive
1998/10/06 12:55:00| 2940a30: joining for id 45
1998/10/06 12:55:00| efffdb18 adding entry: 45 at 7
1998/10/06 12:55:00| 2940a30: joining for id 50
1998/10/06 12:55:00| 2940a30: joined for id 50: unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown known, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23'
1998/10/06 12:55:00| efffdb18 adding entry: 50 at 8
1998/10/06 12:55:00| efffdb18 lookup for 22
1998/10/06 12:55:00| 2940a30: joining for id 8
1998/10/06 12:55:00| 2940a30: joined for id 8: max-age=2592000
1998/10/06 12:55:00| efffdb18 del-by-id 8
1998/10/06 12:55:00| created entry 266cc98: 'Cache-Control: max-age=2592000'
1998/10/06 12:55:00| efffdb18 adding entry: 8 at 9
1998/10/06 12:55:00| created entry 266cc80: 'Proxy-Connection: keep-alive'
1998/10/06 12:55:00| efffdb18 adding entry: 33 at 10
1998/10/06 12:55:00| packing hdr: (efffdb18)
1998/10/06 12:55:00| cleaning hdr: efffdb18 owner: 2
1998/10/06 12:55:00| destroying entry 2590490: 'Referer: http://hotmail.com/'
1998/10/06 12:55:00| destroying entry 25e0fc8: 'User-Agent: Mozilla/4.03 [en] (WinNT; I)'
1998/10/06 12:55:00| destroying entry 2610408: 'Host: 207.82.250.251'
1998/10/06 12:55:00| destroying entry 26085b8: 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*'
1998/10/06 12:55:00| destroying entry 2419728: 'Accept-Language: en'
1998/10/06 12:55:00| destroying entry 2435d48: 'Accept-Charset: iso-8859-1,*,utf-8'
1998/10/06 12:55:00| destroying entry 2381df0: 'Cookie: ID=f9caebe1ba39d670'
nown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23'
1998/10/06 12:55:00| destroying entry 266cc98: 'Cache-Control: max-age=2592000'
1998/10/06 12:55:00| destroying entry 266cc80: 'Proxy-Connection: keep-alive'
1998/10/06 12:55:00| httpSendRequest: FD 133:
GET http://207.82.250.251/cgi-bin/HoTMaiL?disk=207.82.250.169_d425&login=lars_laj&f=33793&curmbox=ACTIVE&noad=1 HTTP/1.0
Referer: http://hotmail.com/
User-Agent: Mozilla/4.03 [en] (WinNT; I)
Host: 207.82.250.251
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
Cookie: ID=f9caebe1ba39d670
X-Forwarded-For: unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23
Cache-Control: max-age=2592000

--
Niall Doherty | mailto:ndoherty@eei.ericsson.se
Systems Engineer | http://www.ericsson.ie
Voice: +353 1 207 7506 | Ericsson Systems Expertise Ltd.,
Fax: +353 1 207 7115 | Beech Hill, Clonskeagh, Dublin 4, Ireland.

Received on Tue Oct 06 1998 - 05:10:01 MDT
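
The alternating "unknown, 192.66.3.23" chain in the X-Forwarded-For header above is what a request bouncing between two peers looks like in a debug log. The following is an added example, not part of the original post and not Squid code: it scans debug lines for X-Forwarded-For values whose hop list repeats with a short period. The function names, the thresholds (max_hops, min_repeats) and the shortened sample log are assumptions made for the example.

```python
import re

# Constructed sample modelled on the debug output above; the chain is shortened.
SAMPLE_LOG = """\
1998/10/06 12:55:00| httpBuildRequestHeader: Host: 207.82.250.251
1998/10/06 12:55:00| httpBuildRequestHeader: X-Forwarded-For: unknown, 192.66.3.23, unknown, 192.66.3.23, unknown, 192.66.3.23, unknown
1998/10/06 12:55:01| httpBuildRequestHeader: X-Forwarded-For: 10.1.2.3, 192.66.3.23
"""

XFF_RE = re.compile(r"X-Forwarded-For:\s*(.*)$", re.IGNORECASE)


def smallest_period(hops):
    """Shortest p such that hops[i] == hops[i - p] for every i >= p (len(hops) if none)."""
    n = len(hops)
    for p in range(1, n):
        if all(hops[i] == hops[i - p] for i in range(p, n)):
            return p
    return n


def analyse_xff(value, max_hops=8, min_repeats=3):
    """Summarise one X-Forwarded-For value; thresholds are illustrative assumptions."""
    hops = [h.strip() for h in value.split(",") if h.strip()]
    period = smallest_period(hops)
    repeats = len(hops) // period if period else 0
    # A loop shows up as the same short hop sequence repeated several times.
    looping = period < len(hops) and repeats >= min_repeats
    return {"hops": len(hops), "period": period, "repeats": repeats,
            "loop": looping, "too_long": len(hops) > max_hops}


def scan(log_text):
    """Return (line number, summary) for every suspicious X-Forwarded-For line."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = XFF_RE.search(line)
        if match:
            summary = analyse_xff(match.group(1))
            if summary["loop"] or summary["too_long"]:
                findings.append((lineno, summary))
    return findings


if __name__ == "__main__":
    for lineno, summary in scan(SAMPLE_LOG):
        print(lineno, summary)
```
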