Hi Elsen, "TCP_MISS:DIRECT" is a standard ?
-----Mensagem original-----
De: Diamond King [mailto:mercyful_fated@yahoo.com]
Enviada em: segunda-feira, 10 de janeiro de 2005 11:03
Para: Elsen Marc; squid-users@squid-cache.org
Assunto: RE: [squid-users] CONNECT issues
I`ve checked the configuration file and it seems
that only port 443 and 563 were connected to SSL_Ports
acl rule. What's the usage of port 563 anyway? By the
way, any other way to check what exactly those logs
for? is it attempt by kazaa users? Thanks again!
Brian
--- Elsen Marc <elsen@imec.be> wrote:
>
>
> >
> > Dear all,
> >
> > Recently, i became aware that a number of my
> users
> > started to use kazaa and those other tunnel
> software
> > as well. I checked the access.log files and came
> > across these logs :-
> >
> > 192.168.25.220 - - [10/Jan/2005:11:24:38 +0800]
> > "CONNECT 213.103.81.214:3518 HTTP/1.0" 200 223
> > TCP_MISS:DIRECT
> > 192.168.25.220 - - [10/Jan/2005:11:24:39 +0800]
> > "CONNECT 4.16.112.104:1214 HTTP/1.0" 0 0
> TCP_MISS:NONE
> > 192.168.21.23 - - [10/Jan/2005:11:24:42 +0800]
> > "CONNECT 65.32.244.27:3697 HTTP/1.0" 200 212
> > TCP_MISS:DIRECT
> > 192.168.25.55 - - [10/Jan/2005:11:24:45 +0800]
> > "CONNECT 24.166.75.223:1214 HTTP/1.0" 200 221
> > TCP_MISS:DIRECT
> > 192.168.25.55 - - [10/Jan/2005:11:24:46 +0800]
> > "CONNECT 66.139.108.167:1340 HTTP/1.0" 200 227
> > TCP_MISS:DIRECT
> >
> >
> > If you noticed carefully, the logs sometimes has
> the
> > value of TCP_MISS:DIRECT and some of them are
> > TCP_MISS:NONE.
> >
> >
> > I`ve been trying to track down the source of the
> > problem. They are using hopster and etc. It seems
> like
> > they know the existant of Squid server here and
> try to
> > take advantage of it.Could some one point me how
> to
> > get rid of these things? thanks!
> >
>
> The SSL_Ports acl in squid.conf(.default), can be
> used to allow
> the list of ports allowed for 'CONNECT'. Make sure
> that , for instance,
> port 443 is the only port allowed for the connect
> method.
>
> M.
>
__________________________________
Do you Yahoo!?
All your favorites on one personal page - Try My Yahoo!
http://my.yahoo.com
Atenção: Esta mensagem foi enviada para uso exclusivo do(s) destinatários(s) acima
identificado(s), podendo conter informações e/ou documentos
confidencias/privilegiados e seu sigilo é protegido por lei.
Caso você tenha recebido por engano, por favor, informe o remetente e apague-a de
seu sistema.
Notificamos que é proibido por lei a sua retenção, disseminação, distribuição, cópia ou
uso sem expressa autorização do remetente.
Opiniões pessoais do remetente não refletem, necessariamente, o ponto de vista da
CETIP, o qual é divulgado somente por pessoas autorizadas.
Attention: This message was sent for exclusive use of the addressees above
identified, being able to contain information and or privileged/confidential documents
and law protects its secrecies.
In case that you it has received for deceit, please, it informs the shipper and erases it
of your system.
We notify that law forbids its retention, dissemination, distribution, copy or use without
express authorization.
Personal opinions of the shipper do not reflect, necessarily, the point of view of the
CETIP, which is only divulged by authorized people.
Received on Mon Jan 10 2005 - 06:18:20 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST