> This is freaky.
>
> I use Big Sister to monitor my networks. Earlier today, I began
> getting CPU utilization messages on two of my proxies. Each proxy was
> reporting 99 percent utilization, caused by the squid process. These
> proxies are located at completely different businesses located on
> opposite ends of town, and they have no affiliation with each other.
>
> I investigated for a few hours and I couldn't find a reason. The
> access logs weren't excessive and there didn't seem to be a lot of
> traffic through the proxies.
>
> Then I looked at my big sister trend logs and really freaked
> out. They both started spiking at almost EXACTLY the same time and in
> EXACTLY the same pattern.
> To see what I mean, check out the patterns:
>
> http://www.corn-bread.org/admintest.bmp
> http://www.corn-bread.org/rudolph.bmp
>
> Note that the times, severity of the spike, etc are roughly the same.
>
> Both systems are redhat 9 running squid rpms (squid-2.5.STABLE1-3.9).
>
> I can post my squid.confs if needed.
>
> Any known issues right now?

I got it too.
Quite remarkable; perhaps it is not an exploit but due to a chunk of the
Internet becoming available, making SQUID check on hanging connections.
I don't know.

Some insights may perhaps come from, when it happens again:

    % squid -k debug ; sleep 2; squid -k debug

Check cache.log afterwards.

M.