
RE: [cobalt-developers] Do I have a Squid problem???



>Hi all,
>        I have a Qube 3 at home...
>
>        Recently I noticed that my cable-modem activity
>light was flashing quite a lot. I then looked at
>netstat -n and found a huge number of hosts being
>connected to my system. Do I have to say I was not
>expecting this as I was not even running netscape on
>my pc, nor did I on any system I have at home?
>
>        I then tried to block connection from the
>network where these hosts were from but gave up since
>I was now at more than 150 entries in the firewall
>table to be banned! I then decided to act differently
>and block all the ports I was not using explicitly and
>allowing only the http port, telnet, ftp and about 5
>others like nameservers etc. I was still getting lots
>of traffic I was not expecting...
>
>        So I went on the internet and got "sniffit",
>installed it and ran it to find out packets were
>coming and going to SQUID, or the cache server that
>runs on the QUBE. I'm sure it has to do with it since
>the port showed in sniffit is 3128 which happens to be
>the one configured in the squid config file...
>
>         When I stop the squid server the traffic goes
>down a lot but I still see some packets going around
>with sniffit even though I can't see any connection
>with netstat. At least the packet rate/length is a lot
>smaller than when it is active...
>
>         Does anyone know of a virus that attacks squid?
>I found a packet that was coming from Davnet saying I
>was banned on their server because of advertisement
>sent to their network, on which I have never
>connected... They were recommending me to do a
>virus/trojan scan on my system...
>
>         How can I be sure squid works fine? I can't
>believe it should cache stuff while I'm not active on
>the internet!
>
>         Thanks all for your help!
>
>         Denis

I believe that some people from the outside use your
Qube as a Proxy, which explains why your IP is blocked
by davnet. I always recommend using a Router/Firewall
instead of plugging the modem directly into the Server.
D-Link has some good and cheap Router/Firewall devices
and you can configure them pretty easily, even with a DMZ
if you want (D-Link DI-704P).
Peter
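
Added example, not part of the original thread: one way to confirm from Squid's own log whether outside hosts are being served by the cache on port 3128. It assumes Squid's native access.log format and a home LAN of 192.168.0.0/16; the log lines and addresses are constructed samples.

```python
import ipaddress

# Assumption: the home LAN range; adjust to the network actually in use.
LOCAL_NETS = [ipaddress.ip_network("192.168.0.0/16"),
              ipaddress.ip_network("127.0.0.0/8")]

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1051200000.123    210 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1051200004.456    890 203.0.113.7 TCP_MISS/200 20480 GET http://ads.example.net/banner - DIRECT/198.51.100.20 text/html
1051200005.001    300 203.0.113.7 TCP_MISS/200 4096 GET http://ads.example.net/page - DIRECT/198.51.100.20 text/html
1051200006.789     15 198.51.100.99 TCP_DENIED/403 1024 GET http://example.com/ - NONE/- text/html
this line is malformed
"""

def is_local(addr):
    """True if the client address belongs to one of the trusted networks."""
    return any(addr in net for net in LOCAL_NETS)

def find_external_clients(log_text):
    """Map each non-local client IP to its served/denied request counts and bytes served."""
    report = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or malformed entry
        try:
            client = ipaddress.ip_address(fields[2])
            size = int(fields[4])
        except ValueError:
            continue  # client logged as a hostname, or a non-numeric size
        if is_local(client):
            continue
        entry = report.setdefault(str(client), {"served": 0, "denied": 0, "bytes": 0})
        if fields[3].startswith("TCP_DENIED"):
            entry["denied"] += 1  # Squid refused the request: the ACLs are working
        else:
            entry["served"] += 1  # Squid fetched content on behalf of an outsider
            entry["bytes"] += size
    return report

if __name__ == "__main__":
    for ip, stats in sorted(find_external_clients(SAMPLE_LOG).items()):
        verdict = "SERVED (proxy is open to this host)" if stats["served"] else "denied"
        print(f"{ip}: {verdict} {stats}")
```

Any external address with a non-zero "served" count means the cache is answering requests from outside the LAN.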
 
