LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-18-2007, 12:04 PM   #1
Ammad
Member
 
Registered: Apr 2004
Distribution: redhat 9.0, fc4, redhat as 4
Posts: 522

Rep: Reputation: 31
squid and spy controlling


dear all,
after monitoring SARG (squid reports), i saw very strange output there are alot of user's computer that are going to download some gif or other file from p.yimg.com, x.yimg.com , l.yimg.com, while checking the overall size of donwloading, i got alot of systems were donwloading 80-400 MB daily(each system).
there are 40-60 systems on network. After monitoring each system physically, result was no one visiting to yahoo site but access log shows that system is visiting and donwloading content from yahoo site.

so i blocked this using acl of squid. but now user are complaining that are not ablt to sign-in to yahoo mail, messenger.

Is there any way to block spyware using squid. or best anit-spyware to control these issues.

thanks.
 
Old 11-26-2007, 01:56 AM   #2
alonelion
LQ Newbie
 
Registered: Jun 2007
Posts: 2

Rep: Reputation: 0
I have the same problem on my network, but there is some computers downloading about 10 GB(!!!) daily from these addresses. iptraf shows 2,5-3Mbps traffic from these computers but users don't know nothing about that. Can be that any kind of malware using yahoo domain? Please excuse my bad english and thank you all in advance.
 
Old 11-26-2007, 10:37 PM   #3
rossonieri#1
Member
 
Registered: Jun 2007
Posts: 359

Rep: Reputation: 34
@ ammad :

it can be your squid doesnt perform well anymore.
yahoo! is advertising-based services. my experience is squid only keeps gifs from port 80 traffic - but not from 5050 as in messenger.
so the work around maybe only to limit messenger access.

@ alone :
it seems malware to me - do virus scanning.

but overall - myself also seems to find bugs in yahoo webmessenger - where i see it become very non-stop chatters when it comes active. cant configure what that was all about thou.

hth.
 
Old 11-27-2007, 01:48 PM   #4
alonelion
LQ Newbie
 
Registered: Jun 2007
Posts: 2

Rep: Reputation: 0
Hi again,
I have blocked traffic to and from IP 87.248.125.47 and and i have no more "fake traffic" but now is not working the new yahoo mail (classic mail still working normally and messenger too). Is not a good solution but...i have not another one better...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
The Spy Act U.S. Only xor General 16 05-09-2007 02:53 AM
controlling ports other than 80 with squid hacidayi Linux - Networking 1 09-08-2006 12:37 PM
Serial port spy alanchansl Linux - Software 5 06-14-2006 08:55 PM
If root becomes a SPY :-O Nad0xFF Linux - Security 21 04-08-2005 01:11 PM
controlling access through squid( blocking all sites except for one) jomy Linux - Networking 1 12-15-2004 06:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration