>On Mon, 11 Jun 2001, Deocs Postmaster wrote:
>
> > The following is from my firewall log file:
> >
> > Incoming:
> > 06/11/2001 19:19:59 200.4.193.240[3268] ==> 192.168.1.100[80]
> > 06/11/2001 19:19:59 200.4.193.240[3268] ==> 192.168.1.100[80]
> > 06/11/2001 19:20:00 200.4.193.240[3268] ==> 192.168.1.100[80]
> > 06/11/2001 19:20:00 200.4.193.240[3268] ==> 192.168.1.100[80]
> >
> > Outgoing:
> > 06/11/2001 19:19:59 192.168.1.100 ==> 200.4.193.240[3268]
> >
> > My Apache logs don't show any traffic for 200.4.193.240, but
> > do show the other hit-by-hit traffic.  This particular hit was
> > from Peru.  I recall seeing the same thing from China earlier.
> >
> > How did it go in and out, but not show up in any Apache log files?
>
>
>Well, this has nothing to do with mod_ssl, but to answer your question,
>this would happen anytime somebody connects to your server and disconnects
>before making an actual HTTP request.  Maybe they STARTED to make one and
>disconnected mid-request.

Thanks for the reply, I may have been ambiguous in my email.
The incoming firewall shows four hits and the outgoing shows
one reply.  None of the Apache log files show any traffic
to or from 200.4.193.240.  Would the outgoing traffic be present
if they disconnected mid-request?

My security concern is that it appears that some message was sent
to port 80 on the server, and that computer appears to have replied,
but I can't see in the log files that Apache was the program that
replied.  So what program on the server sent the outgoing message?

Thanks,
Dave
(I sent a similar reply earlier, but it hasn't surfaced yet)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
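
An added example, not part of the original thread: one way to list clients that reached port 80 at the firewall but left no entry in the Apache access log, which is the situation the quoted reply describes (a connection closed before a complete HTTP request). It assumes the access log is in Common Log Format and that the firewall and Apache clocks agree; the function names, the 203.0.113.7 client and the access-log line are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Firewall line format as shown in the post: date time src[port] ==> dst[port]
FW_RE = re.compile(
    r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (\d+\.\d+\.\d+\.\d+)(?:\[(\d+)\])?"
    r" ==> (\d+\.\d+\.\d+\.\d+)(?:\[(\d+)\])?")
# Assumption: Common Log Format, i.e. client ident user [time zone] "request" ...
CLF_RE = re.compile(r"(\S+) \S+ \S+ \[([^\] ]+) [^\]]*\]")

def parse_firewall(lines, server_ip, port=80):
    """Yield (timestamp, client_ip) for inbound connections to server_ip:port."""
    for line in lines:
        m = FW_RE.search(line)
        if m and m.group(4) == server_ip and m.group(5) == str(port):
            yield datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S"), m.group(2)

def parse_access_log(lines):
    """Yield (timestamp, client_ip) per logged request; the zone offset is ignored."""
    for line in lines:
        m = CLF_RE.match(line)
        if m:
            yield datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S"), m.group(1)

def unlogged_clients(fw_lines, access_lines, server_ip, window=timedelta(minutes=5)):
    """Count firewall hits per client with no access-log entry within `window`."""
    logged = list(parse_access_log(access_lines))
    missing = Counter()
    for ts, ip in parse_firewall(fw_lines, server_ip):
        if not any(a_ip == ip and abs(a_ts - ts) <= window for a_ts, a_ip in logged):
            missing[ip] += 1
    return dict(missing)

# Firewall lines from the post, plus one constructed line (203.0.113.7).
FIREWALL = """\
06/11/2001 19:19:59 200.4.193.240[3268] ==> 192.168.1.100[80]
06/11/2001 19:19:59 200.4.193.240[3268] ==> 192.168.1.100[80]
06/11/2001 19:20:00 200.4.193.240[3268] ==> 192.168.1.100[80]
06/11/2001 19:20:00 200.4.193.240[3268] ==> 192.168.1.100[80]
06/11/2001 19:19:59 192.168.1.100 ==> 200.4.193.240[3268]
06/11/2001 19:21:10 203.0.113.7[1042] ==> 192.168.1.100[80]
""".splitlines()
# Constructed access-log entry for the client that did complete a request.
ACCESS = [
    '203.0.113.7 - - [11/Jun/2001:19:21:10 -0500] "GET / HTTP/1.0" 200 1456',
]
if __name__ == "__main__":
    print(unlogged_clients(FIREWALL, ACCESS, "192.168.1.100"))
```
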
