On Wed, 14 Apr 2004, pmquan wrote:

> But it is impossible with me, I have more than 4'000 concurrent clients
> infected with this virus. I can't firewall all of them and they are using
> dynamic IP addresses. Do you have another way?


iptables patch-o-matic has a match which could help in making a generic
firewall rule blocking misbehaving stations. Just make sure to make
reasonable exceptions for any child caches you may have.

Also make sure to use "half_closed_clients off" in squid.conf.

Use of proxy authentication should also quite effectively stop these
worms, but will cost you quite a bit of CPU time on the proxy server.

In any event you need to make sure to have the infected stations cleaned
one way or another.

Regards
Henrik
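
Added example, not part of the original message or of Squid: a small detector that reads Squid native-format access.log lines and lists clients exceeding a request rate, skipping child caches, so the stations that need cleaning can be found even on dynamic addresses. The window, threshold, child-cache network and sample log lines are constructed assumptions.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumed values for illustration; tune to the site.
CHILD_CACHES = [ip_network("10.0.0.0/29")]  # downstream caches to exempt
WINDOW_SECONDS = 10
MAX_REQUESTS = 5                            # allowed per client per window


def build_sample():
    """Constructed log lines in Squid's native access.log layout:
    time elapsed client code/status bytes method URL ident hierarchy type"""
    fmt = ("{:.3f} 3 {} TCP_MISS/404 310 GET http://example.invalid/{} "
           "- DIRECT/192.0.2.1 text/html")
    rows = [(1081900000 + i * 0.1, "192.168.7.44") for i in range(12)]  # burst
    rows += [(1081900000 + i * 20, "192.168.7.90") for i in range(3)]   # normal
    rows += [(1081900000 + i * 0.1, "10.0.0.2") for i in range(20)]     # child cache
    rows.sort()
    return [fmt.format(ts, ip, n) for n, (ts, ip) in enumerate(rows)]


def find_noisy_clients(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS,
                       exempt=CHILD_CACHES):
    """Return {client_ip: peak request count seen inside one window}
    for every non-exempt client that went over the limit."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    peak = {}
    for line in lines:
        fields = line.split()
        try:
            ts, client = float(fields[0]), ip_address(fields[2])
        except (IndexError, ValueError):
            continue              # truncated line or hostname instead of an IP
        if any(client in net for net in exempt):
            continue              # child caches aggregate many users
        stamps = recent[client]
        stamps.append(ts)
        while ts - stamps[0] > window:
            stamps.popleft()      # drop requests older than the window
        if len(stamps) > limit:
            key = str(client)
            peak[key] = max(peak.get(key, 0), len(stamps))
    return peak


if __name__ == "__main__":
    for ip, count in sorted(find_noisy_clients(build_sample()).items()):
        print(f"{ip} peaked at {count} requests in {WINDOW_SECONDS}s")
```
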