Hi all,
Outgoing traffic from my site has been extremely high for the last few
months.
I installed ntop and found that HTTP was the top talker, but I can't run
ntop for too long as I don't have enough memory on the server. As a
result I am only getting brief snapshots of my network usage :(
I am also running webalizer and other Squid log analyzing software and
have found the top users connecting to odd sites via odd ports. Here is
a sample of the reports:
ACCESSED SITE           CONNECT  BYTES      %BYTES  IN-CACHE-OUT      USED TIME  MILISEC     %TIME
download.microsoft.com  24       9.418.948  1.46%   100.00%  0.00%    00:01:52   112.847     0.00%
80.7.8.38:4660          21       9.252.496  1.44%   0.00%    100.00%  03:24:38   12.278.775  0.10%
82.48.17.148:4663       27       8.770.325  1.36%   0.00%    100.00%  01:22:00   4.920.548   0.04%
83.33.192.223:4665      22       8.134.394  1.26%   0.00%    100.00%  01:20:31   4.831.163   0.04%
82.51.9.119:6246        20       8.082.783  1.26%   0.00%    100.00%  00:50:17   3.017.871   0.03%
65.25.54.110:4665
The above is from one of the top five proxy users in my network, but I
see these types of repeated connections (to various sites) coming from
many of my other clients.
I suspect that these weird outgoing connections could be causing my
outgoing traffic graph to be high.
Can a Squid guru out there tell me if I'm on the right track and if
there is anything in squid.conf I can do to stop these automated
requests?
TIA.
Rgds,
Hement Gopal
Received on Wed May 26 2004 - 09:02:57 MDT
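
Added example, not part of the original post: one way to check the suspicion above from Squid's own access.log instead of ntop, by totalling per client the requests and bytes logged against destinations on ports other than 80 and 443. The log lines, addresses and the USUAL_PORTS set are constructed assumptions; the size field counts bytes delivered to the client, so the result ranks clients but does not measure upstream volume.

```python
from collections import defaultdict
from urllib.parse import urlsplit

USUAL_PORTS = {80, 443}  # assumption: ordinary web ports; adjust to local policy
# Constructed sample, Squid native access.log format (time elapsed client action/code bytes method URL ...)
SAMPLE_LOG = """\
1085472001.101 112847 10.0.0.5 TCP_MISS/200 9418948 GET http://download.example.com/patch.exe - DIRECT/192.0.2.10 application/octet-stream
1085472050.220 60210 10.0.0.5 TCP_MISS/200 440000 GET http://198.51.100.7:4660/ - DIRECT/198.51.100.7 -
1085472090.500 30105 10.0.0.5 TCP_MISS/200 60000 GET http://198.51.100.7:4660/ - DIRECT/198.51.100.7 -
1085472120.900 4920548 10.0.0.5 TCP_MISS/200 300000 CONNECT 203.0.113.9:4663 - DIRECT/203.0.113.9 -
1085472200.000 3017871 10.0.0.8 TCP_MISS/200 120000 CONNECT 203.0.113.20:4665 - DIRECT/203.0.113.20 -
1085472300.000 1500 10.0.0.8 TCP_MISS/200 5000 CONNECT secure.example.com:443 - DIRECT/192.0.2.44 -
not a squid log line
"""

def dest_of(method, url):
    """Return (host, port) for a logged request, or None if it cannot be parsed."""
    if method == "CONNECT":  # CONNECT requests are logged as host:port
        host, _, port = url.rpartition(":")
        return (host, int(port)) if host and port.isdigit() else None
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return None
    return (parts.hostname, port) if parts.hostname else None

def odd_port_usage(lines, usual_ports=USUAL_PORTS):
    """Map client -> {(host, port): [requests, bytes]} for unusual ports only."""
    usage = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for line in lines:
        f = line.split()
        if len(f) < 7 or not f[4].isdigit():
            continue  # skip malformed or truncated lines
        dest = dest_of(f[5], f[6])
        if dest and dest[1] not in usual_ports:
            entry = usage[f[2]][dest]
            entry[0] += 1
            entry[1] += int(f[4])  # size field: bytes delivered to the client
    return usage

def top_clients(usage):
    """Rank clients by total bytes logged against unusual ports."""
    totals = {c: sum(b for _, b in d.values()) for c, d in usage.items()}
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for client, total in top_clients(odd_port_usage(SAMPLE_LOG.splitlines())):
        print(client, total)
```

Because it reads the log as a stream, it can be run over a rotated access.log without keeping a monitor resident on the proxy.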