[squid-users] New exploit? Two squid proxies simultaneously spike to 99 percent CPU utilization.

From: Spam <[email protected]>
Date: Mon, 11 Oct 2004 14:49:25 -0700

This is freaky.

I use Big Sister to monitor my networks. Earlier today, I began
getting CPU utilization messages on two of my proxies. Each proxy was
reporting 99 percent utilization, caused by the squid process. These =
proxies
are located at completely different businesses located on opposite ends =
of
town, and they have no affiliation with each other.

I investigated for a few hours and I couldn't find a reason. The
access logs weren't excessive and there didn't seem to be a lot of =
traffic
through the proxies.

Then I looked at my big sister trend logs and really freaked out. They =
both
started spiking at almost EXACTLY the same time and in EXACTLY the same =
pattern.
To see what I mean, check out the patterns:

http://www.corn-bread.org/admintest.bmp
http://www.corn-bread.org/rudolph.bmp

Note that the times, severity of the spike, etc are roughly the same.

Both systems are redhat 9 running squid rpms (squid-2.5.STABLE1-3.9).

I can post my squid.confs if needed.

Any known issues right now?

Thanks.
Scott.
Received on Mon Oct 11 2004 - 14:49:55 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:01 MST