Re: [squid-users] weird traffic coming from my squid box to clients on port 3128

From: Bostonian <ygwen77_at_gmail.com>
Date: Mon, 2 Feb 2009 18:50:47 -0800

I am a newbie here. Does "doing interception on inbound connections"
mean that my squid box intercepts the client's request and returns the
traffic from port 3128? Is this the normal way through which squid
returns the request to its clients?
Thank you.

On Mon, Feb 2, 2009 at 6:35 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> Dear All:
>>
>> I am running a squid 3.0 on a centos box and set it as
>>
>> http_port 3128 transparent
>>
>> It has been working well for a while. Then I noticed a traffic spike.
>> tcpdump shows
>> that there are a lot of traffic from port 3128 to other clients. I
>> have disabled incoming
>> traffic to 3128 from outside.
>>
>> What could be the reason? Someone hacked my cache?
>>
>> Best Regards,
>> Young Wen
>>
>
> Perhapse you are doing interception on inbound connections somehow?
> NAT will break past the firewall in that case.
>
> Amos
>
>
>
Received on Tue Feb 03 2009 - 02:50:51 MST

This archive was generated by hypermail 2.2.0 : Wed Feb 04 2009 - 12:00:01 MST