We have a lot of strange log entry in our NetScreen FireWall:
------------------------------------------------
Nov 12 11:42:51 172.20.125.1 NSNAME: NetScreen device_id=NSNAME [MYISP]system-notification-00257(traffic): start_time="2003-11-12 11:42:10" duration=0 policy_id=51 service=tcp/port:20158 proto=6 src zone=Trust-XXX dst zone=Untrust action=Deny sent=0 rcvd=0 src=62.XX.YYY.ZZZ dst=80.58.50.239 src_port=80 dst_port=20158
------------------------------------------------
* 62.XX.YYY.ZZZ is a server with Apache1.3.x that it only serves static pages.
* All the NICs have Public IP Address.
Internet | | NetScreen | | Alteon(load balance) |_____________________ | | | | Apache1 ... ApacheN
Do you know why Apache has this behavior? Why Apache initiates the connections with src_port 80 and random dst_port?
Thanks in advance
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
