RE: [squid-users] Squid HIT analysis, worm DoS mitigation, and general config tweaking

02-25-2004
Elsen Marc


> New to the list. I'm sorry if this stuff is covered in a list FAQ somewhere
> that I'm unable to find. I have 3 main questions about the wonderful squid
> cache.


FAQ :

http://www.squid-cache.org/Doc/FAQ/FAQ.html


> 1. I want to analyze my squid logs graphically in terms of TCP_HIT, TCP_MEM_HIT
> and other codes from the logs. I'm sure there's something out there to do
> it already that I'm just not aware of.


Look for various tools available in :

http://www.squid-cache.org/Scripts/

Also check the squid FAQ on how to use Squid with MRTG.


> 2. Also, we've been feeling the brunt of all the new Welchia variants that try
> port 80 attacks through random, high-frequency portscanning, which saps our
> squid caches of file descriptors. From doing some previous list reading, I
> have set half_closed_connections to off, as well as client_persistent
> connections to off. I didn't turn server_persistent to off, because, well,
> it sounds important. Am I being a pansy for not doing this? I'm also


Although a personal opinion; I think so, yes. The kind of attacks
you describe should be handled by perimeter firewalling infrastructure.
If you have a good fw. setup then for instance port scans should not be
able to reach your squid box. Also that in particular is not much related
to fd. usage as squid only listens on one port.
Meaning that resource exhausting attacks on squid would in any
case have to be http-'applicated' based.

> curious how these settings help the file descriptor problem, as they sound
> like they adjust network connection behaviour as opposed to anything that
> impacts file descriptors. Can anyone shed light on how this works? Also,
> would there be any reason a service provider with many diversely screwed-up
> operating systems and corresponding screwed-up browsers would not want to
> muck with these Squid settings?
>
> 3. Why is the squid cache so slow when I use diskd? What guidelines do all
> of you use for large caches (>20GB) in terms of directory structure, memory
> options, and diskd/no diskd, ufs/no ufs?


Well, read the FAQ part on diskd. Diskd often
requires OS related tuning.

M.

> Thanks,
>
> Paul
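
Added example, not part of the original post and not one of the scripts on squid-cache.org: a small tally of result codes (TCP_HIT, TCP_MEM_HIT, ...) from Squid's native access.log, which also lists clients that request many distinct destination hosts, a pattern a scanning host would leave if its port 80 traffic passes through the cache. The sample log lines are constructed, and the `min_hosts` threshold and the fan-out heuristic are assumptions, not something stated in the thread.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1077667200.101     12 10.0.0.5 TCP_HIT/200 4312 GET http://www.example.com/index.html - NONE/- text/html
1077667200.350      3 10.0.0.5 TCP_MEM_HIT/200 912 GET http://www.example.com/logo.gif - NONE/- image/gif
1077667201.020    240 10.0.0.7 TCP_MISS/200 15020 GET http://www.example.org/news - DIRECT/192.0.2.10 text/html
1077667201.500  30001 10.0.0.9 TCP_MISS/504 1450 GET http://198.51.100.17/ - DIRECT/198.51.100.17 text/html
1077667201.620  30002 10.0.0.9 TCP_MISS/504 1450 GET http://198.51.100.18/ - DIRECT/198.51.100.18 text/html
1077667201.740  30001 10.0.0.9 TCP_MISS/504 1450 GET http://198.51.100.19/ - DIRECT/198.51.100.19 text/html
this line is malformed
"""

def parse_line(line):
    """Return (client, result_code, http_status, dest_host) or None if malformed."""
    fields = line.split()
    if len(fields) < 7 or "/" not in fields[3]:
        return None
    code, _, status = fields[3].partition("/")
    host = urlsplit(fields[6]).hostname or fields[6]  # CONNECT logs host:port
    return fields[2], code, status, host

def analyze(text):
    """Tally result codes, compute the hit ratio, and map clients to hosts."""
    codes = Counter()
    dests = defaultdict(set)      # client -> distinct destination hosts
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue              # skip truncated or garbled lines
        client, code, _status, host = rec
        codes[code] += 1
        dests[client].add(host)
    total = sum(codes.values())
    hits = sum(n for c, n in codes.items() if "HIT" in c)  # any *_HIT code
    return codes, (hits / total if total else 0.0), dests

def wide_fanout_clients(dests, min_hosts=3):
    """Clients contacting at least min_hosts distinct hosts (hypothetical threshold)."""
    return sorted(c for c, hosts in dests.items() if len(hosts) >= min_hosts)

if __name__ == "__main__":
    codes, ratio, dests = analyze(SAMPLE_LOG)
    for code, n in codes.most_common():
        print(f"{code:14s} {n}")
    print(f"hit ratio: {ratio:.1%}")
    print("wide fan-out clients:", wide_fanout_clients(dests))
```

To run it on a real log, pass the file's contents to `analyze()` in place of `SAMPLE_LOG` and raise `min_hosts` to suit normal browsing on your network.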
