Hi
We have a lot of strange log entry in our NetScreen FireWall:
------------------------------------------------
Nov 12 11:42:51 172.20.125.1 NSNAME: NetScreen device_id=NSNAME
[MYISP]system-notification-00257(traffic): start_time="2003-11-12
11:42:10" duration=0 policy_id=51 service=tcp/port:20158 proto=6 src
zone=Trust-XXX dst zone=Untrust action=Deny sent=0 rcvd=0
src=62.XX.YYY.ZZZ dst=80.58.50.239 src_port=80 dst_port=20158
------------------------------------------------
* 62.XX.YYY.ZZZ is a server with Apache1.3.x that it only serves static
pages.
* All the NICs have Public IP Address.
Internet
|
|
NetScreen
|
|
Alteon(load balance)
|_____________________
| | | |
Apache1 ... ApacheN
Do you know why Apache has this behavior? Why Apache initiates the
connections with src_port 80 and random dst_port?
Thanks in advance
