Re: [squid-users] ACL to protect squid box

From: Tom Frankus <[email protected]>
Date: Fri, 4 Jun 2004 18:25:50 +0500

Hi,

No, This is not for windowsupdates. its a request from infected systems
only. This request never fulfill. It send thousand requests on my squid box
and my squid box got dead. Its not a valid URL.

I have blocked this URL, and user can still update their windows.

How can we block these kinds of invalid URLs.

Thanks,

Tom Frankus

----- Original Message -----
From: "Kareem Mahgoub" <kashraf@thewayout.net>
To: "Tom Frankus" <tomfrankus@go.net.pk>; "squid-users"
<squid-users@squid-cache.org>
Sent: Thursday, June 03, 2004 5:25 PM
Subject: Re: [squid-users] ACL to protect squid box

> Hi,
> I am sorry if I would sound silly, but isn't this URL for windowsupdate??
> Which is normal to change the name of the exe file according to the state
> of
> the windows being patched.
> For me it is not a virus, in fact not doing this ( updating Windows) is
the
> real threat you are facing.
> Regards,
> Kareem
>
> ----- Original Message -----
> From: "Tom Frankus" <tomfrankus@go.net.pk>
> To: "Muthukumar" <kmuthu_gct@hotmail.com>; "squid-users"
> <squid-users@squid-cache.org>
> Sent: Thursday, June 03, 2004 2:41 PM
> Subject: Re: [squid-users] ACL to protect squid box
>
>
> >
> > Hi,
> > I got these kind of requests with change of file name everytime. I think
> > this is some kind of virus attack
> >
> >
>
http://download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/Q832894_a56d1a98d775e1031c72934a0baa9d7.exe
> >
> > Thanks,
> >
> > Tom Frankus
> >
> >
> > ----- Original Message -----
> > From: "Muthukumar" <kmuthu_gct@hotmail.com>
> > To: "Tom Frankus" <tomfrankus@go.net.pk>; "squid-users"
> > <squid-users@squid-cache.org>
> > Sent: Thursday, June 03, 2004 2:43 PM
> > Subject: Re: [squid-users] ACL to protect squid box
> >
> >
> > >
> > >
> > > >
> > > > Hi,
> > > >
> > > > I'm getting a lot of requests for this url.
> > >
> > > What are the requests? Can you specify that?
> > >
> > > > I think this request from some
> > > > virus.
> > >
> > > You can scan every http requests using viralator tool.
> > > http://viralator.loddington.com/
> > >
> > > > I want to block these kinds of wrong urls. And implement more
> > > > security on my squid box.
> > >
> > > You can use squidguard for more security.
> > > http://www.squidguard.org/
> > >
> > > Regards,
> > > Muthukumar.
> > >
> > >
> > >
> > >
> > > ---
> > > =============== It is a "Virus Free Mail" ===============
> > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > Version: 6.0.693 / Virus Database: 454 - Release Date: 5/31/2004
> > >
> > >
> >
> >
>
>
Received on Fri Jun 04 2004 - 07:25:50 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:02 MDT