> This is freaky.
>
> I use Big Sister to monitor my networks. Earlier today, I began
> getting CPU utilization messages on two of my proxies. Each proxy was
> reporting 99 percent utilization, caused by the squid process. These =
> proxies
> are located at completely different businesses located on
> opposite ends =
> of
> town, and they have no affiliation with each other.
>
> I investigated for a few hours and I couldn't find a reason. The
> access logs weren't excessive and there didn't seem to be a lot of =
> traffic
> through the proxies.
>
> Then I looked at my big sister trend logs and really freaked
> out. They =
> both
> started spiking at almost EXACTLY the same time and in
> EXACTLY the same =
> pattern.
> To see what I mean, check out the patterns:
>
> http://www.corn-bread.org/admintest.bmp
> http://www.corn-bread.org/rudolph.bmp
>
> Note that the times, severity of the spike, etc are roughly the same.
>
>
> Both systems are redhat 9 running squid rpms (squid-2.5.STABLE1-3.9).
>
> I can post my squid.confs if needed.
>
> Any known issues right now?
I got it too.
Quite remarkable; perhaps it is not an exploit but due to a chunk
of the Internet becoming available , making SQUID check on
hanging connections. I don't know.
Some insights may perhaps come from , when it happens again :
% squid -k debug ; sleep 2; squid -k debug
Check cache.log afterwards.
M.
