Re: [squid-users] New exploit? Two squid proxies simultaneously spike to 99 percent CPU utilization.

From: <[email protected]>
Date: Mon, 11 Oct 2004 16:00:59 -0500

This is strange, I saw the same thing happen today on our Squid server.
It's just a single with no peers, but usage went from its normal 18% to 99% and
stayed there for more than an hour.

Logs looked normal, and couldn't see anything specifically causing the
load spike.

Bill

"Spam" <spam@corn-bread.org>
10/11/04 04:49 PM

To: <squid-users@squid-cache.org>
cc:
Subject: [squid-users] New exploit? Two squid proxies simultaneously spike to 99 percent CPU utilization.

This is freaky.

I use Big Sister to monitor my networks. Earlier today, I began
getting CPU utilization messages on two of my proxies. Each proxy was
reporting 99 percent utilization, caused by the squid process. These proxies
are located at completely different businesses located on opposite ends of
town, and they have no affiliation with each other.

I investigated for a few hours and I couldn't find a reason. The
access logs weren't excessive and there didn't seem to be a lot of traffic
through the proxies.

Then I looked at my Big Sister trend logs and really freaked out. They both
started spiking at almost EXACTLY the same time and in EXACTLY the same pattern.
To see what I mean, check out the patterns:

http://www.corn-bread.org/admintest.bmp
http://www.corn-bread.org/rudolph.bmp

Note that the times, severity of the spike, etc are roughly the same.

Both systems are redhat 9 running squid rpms (squid-2.5.STABLE1-3.9).

I can post my squid.confs if needed.

Any known issues right now?

Thanks.
Scott.
Received on Mon Oct 11 2004 - 15:02:07 MDT
