It's regarding active fingerprinting and mitigating attacks, not just its passive use. (Sorry for the dbl send)

On Oct 30, 2017 21:41, "Alex Rousskov" <rouss...@measurement-factory.com> wrote:

> On 10/30/2017 12:15 PM, Andrei wrote:
> > You do realize that there's nothing "weird" about p0f, right?
>
> Right. I do not know why you had to ask though: There is nothing related
> to p0f (i.e., a passive traffic analysis tool) in my response. And the
> original question is probably unrelated to p0f as well since active
> connection resets are incompatible with the idea of passive analysis.
>
> Alex.
>
> > On Mon, Oct 30, 2017 at 11:22 AM, Alex Rousskov wrote:
> >
> > > On 10/30/2017 03:51 AM, Troiano Alessio wrote:
> > >
> > > > I've squid 3.5.20 running on RHEL 7.4. I have a problem to access
> > > > some websites, for example www.nato.int <http://www.nato.int>.
> > > > This website applies an Anti-DDoS system that resets the first
> > > > connection after the TCP 3-way handshake (SYN/SYN-ACK/ACK/RST-ACK).
> > > > All subsequent TCP connections are accepted. The website
> > > > administrator says it is by design.
> > > >
> > > > When I browse the site with squid proxy the browser receives an
> > > > "Empty Response" squid error page (HTTP error code 502 Bad Gateway)
> > > > and doesn't do the automatic retry:
> > >
> > > This is by design as well :-).
> > >
> > > We can change Squid behavior to retry connection resets, but I am sure
> > > that some folks will not like the new behavior because in _their_ use
> > > cases a retry is wasteful and/or painful. IMHO, the new behavior should
> > > be controlled by a configuration directive, possibly an ACL-driven one.
> > >
> > > Quality patches implementing the above feature should be welcomed IMO.
> > > The tip of the relevant code is probably in ERR_ZERO_SIZE_OBJECT
> > > handling inside FwdState::fail(). There is a similar code that handles
> > > persistent connection races there already, but the zero-size reply code
> > > may need a new dedicated FwdState flag to prevent infinite retry loops
> > > when the origin server is broken (a much more typical use case than the
> > > weird attempt at DDoS mitigation that you have described above).
> > >
> > > https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
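
The bounded retry discussed in the quoted message (retry a zero-size reply once, guarded by a dedicated flag and enabled per host), modelled as an added example that is not Squid code and not part of the original thread. `RetryPolicy`, `forward`, the two origin models and the host `origin.example` are hypothetical names constructed for illustration.

```cpp
#include <functional>
#include <iostream>
#include <set>
#include <string>

// Outcome of one connection to the origin, as the proxy sees it.
enum class Attempt { Reply, ResetBeforeReply };

// Hypothetical stand-in for an ACL-driven directive: hosts where a retry is wanted.
struct RetryPolicy {
    std::set<std::string> retryHosts;
    bool allows(const std::string &host) const { return retryHosts.count(host) > 0; }
};

struct ForwardResult {
    int status;    // 200 on success, 502 for the "Empty Response" error page
    int attempts;  // connections opened to the origin
};

// Forward one request. A reset before any reply bytes is retried at most once,
// and only when the policy allows it for this host.
ForwardResult forward(const std::string &host, const RetryPolicy &policy,
                      const std::function<Attempt(const std::string &)> &connect) {
    bool retriedZeroSize = false;  // dedicated flag that bounds the retry loop
    int attempts = 0;
    for (;;) {
        ++attempts;
        if (connect(host) == Attempt::Reply)
            return {200, attempts};
        if (retriedZeroSize || !policy.allows(host))
            return {502, attempts};  // no retry configured, or retry already used
        retriedZeroSize = true;
    }
}

// Constructed origin: resets the first connection, accepts later ones.
struct ResetFirstOrigin {
    int seen = 0;
    Attempt operator()(const std::string &) { return ++seen == 1 ? Attempt::ResetBeforeReply : Attempt::Reply; }
};
// Constructed origin: broken, resets every connection.
struct BrokenOrigin {
    Attempt operator()(const std::string &) { return Attempt::ResetBeforeReply; }
};

int main() {
    RetryPolicy policy;
    policy.retryHosts.insert("origin.example");
    ForwardResult r = forward("origin.example", policy, ResetFirstOrigin{});
    std::cout << r.status << " after " << r.attempts << " attempts\n";
}
```

With the flag in place, a permanently broken origin costs exactly one extra connection before the 502 is returned, and hosts outside the policy keep the current single-attempt behavior.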