If the IP address was staying the same, you could easily add a reference to /etc/hosts.deny But since you state that this is not the case it will all be a little trickier. There is no relevance as to whether the IP addresses can resolve into host names or not.
I would suggest that the best solution would be to firewall off the ports that squid uses on your box from unauthorized users. How you go about this is dependent on what kernel you are using and where your firewall is. If you need squid to be accessible from the outside world, you may want to consider adding authentication to squid to stop random hippies using your squid/bandwidth instead. I believe this is made possible through ACL (Access control Lists) in the most part. Looking through /etc/squid.conf here shows me that you can make ACL's to limit access to certain IP's by the time of day etc. There is a setting called authenticate_program in my squid.conf file. What it does is supply the authenticate program and a password list for all the valid users. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 5 December 2001 12:21 PM To: Debian Security Subject: Squid security Recently, I had someone trying to browse the web from one of our servers via squid. Luckily, I didn't need squid for this machine, so I took it off and emailed the hostmaster of the domain the person was doing it from..luckily the IP address was the same. i also managed to get the IP address blocked by our ISP. On another server, which I have squid running and want running, I keep getting accesses from http://service.bfast.com/bfast/serve and someone seems to be accessing web pages late at night when everyone has gone home. Trouble is, the IP addresses that access squid don't have host names (ie. they don't exist) and they keep changing. Is there any way to block access to this and is there a good FAQ, etc. It seems strange though, as the access is every few minutes and the pages accessed have ads involved,while the first person (above) was accessing squid regularly in spurts. Thanks Robert.. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
