Re: [squid-users] This is a attack?

From: huang mingyou <[email protected]>
Date: Fri, 27 Oct 2006 18:32:54 +0800

hello:
   I use this funtion get the data from squid.
getdata(){
        squidclient -T 5 -h $1 -p 80 cache_object://${1}/client_list
2>/dev/null|grep -e "Address:" -e "\<HTTP Requests\>"|awk
'BEGIN{RS="Address:"}{print $1" -"$4}'
        }

And the data like this. I compare the requests every 5 minutes.

Address: 58.211.184.102
Name: 58.211.184.102
Currently established connections: 0
    ICP Requests 0
    HTTP Requests 2
        TCP_MISS 1 50%
        TCP_MEM_HIT 1 50%

On 27/10/06, Mark Elsen <mark.elsen@gmail.com> wrote:
> > hello,list.
> > I use the cache manager account that some ip had made more
> > than 1000 requests in 5 minutes. But I can't find any log about this
> > ip in my squid access.log. and can't detect any package relation this
> > ip use the snort or tcpdump tools.
> > Why? who can help me!
> >
>
> Could you show us the specific output from cachengr, which you
> are seeing ?
>
> M.
>

-- 
Huang Mingyou
Received on Fri Oct 27 2006 - 04:33:03 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:05 MST