with netstat -n |grep SYN_RECV command, it shows that a few foreign hosts
tcp 0 xx.xx.xx.xxx.3128 yy.yy.yy.yyy.1433 SYN_RECV
....
With netstat -n|grep ESTABLISHED command, it show that a few foreign host
tcp 0 xx.xx.xx.xxx.3128 zz.zz.zzz.zz1430 SYN_RECV
....
Is this normal?
On Mon, Feb 2, 2009 at 6:50 PM, Bostonian <ygwen77_at_gmail.com> wrote:
> I am a newbie here. Does "doing interception on inbound connections"
> mean that my squid box intercepts the client's request and returns the
> traffic from port 3128? Is this the normal way through which squid
> returns the request to its clients?
> Thank you.
>
> On Mon, Feb 2, 2009 at 6:35 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>>> Dear All:
>>>
>>> I am running a squid 3.0 on a centos box and set it as
>>>
>>> http_port 3128 transparent
>>>
>>> It has been working well for a while. Then I noticed a traffic spike.
>>> tcpdump shows
>>> that there are a lot of traffic from port 3128 to other clients. I
>>> have disabled incoming
>>> traffic to 3128 from outside.
>>>
>>> What could be the reason? Someone hacked my cache?
>>>
>>> Best Regards,
>>> Young Wen
>>>
>>
>> Perhapse you are doing interception on inbound connections somehow?
>> NAT will break past the firewall in that case.
>>
>> Amos
>>
>>
>>
>
Received on Tue Feb 03 2009 - 07:11:21 MST
This archive was generated by hypermail 2.2.0 : Wed Feb 04 2009 - 12:00:01 MST