Dave, 

Unfortunately, those "firewall logs" are all but worthless as they don't
detail what type of packet is being sent and what the reply is, nor the
source port for the reply.  Trying to ascertain what's going on here
without real packet data is akin to looking at railroad tracks and
wondering which way the train went.

--dsp

Deocs Postmaster wrote:
> 
> >On Mon, 11 Jun 2001, Deocs Postmaster wrote:
> >
> > > The following is from my firewall log file:
> > >
> > > Incoming:
> > > 06/11/2001 19:19:59 200.4.193.240[3268] ==> 192.168.1.100[80]
> > > 06/11/2001 19:19:59 200.4.193.240[3268] ==> 192.168.1.100[80]
> > > 06/11/2001 19:20:00 200.4.193.240[3268] ==> 192.168.1.100[80]
> > > 06/11/2001 19:20:00 200.4.193.240[3268] ==> 192.168.1.100[80]
> > >
> > > Outgoing:
> > > 06/11/2001 19:19:59 192.168.1.100 ==> 200.4.193.240[3268]
> > >
> > > My Apache logs don't show any traffic for 200.4.193.240, but
> > > do show the other hit-by-hit traffic.  This particular hit was
> > > from Peru.  I recall seeing the same thing from China earlier.
> > >
> > > How did it go in and out, but not show up in any Apache log files?
> >
> >
> >Well, this has nothing to do with mod_ssl, but to answer your question,
> >this would happen anytime somebody connects to your server and disconnects
> >before making an actual HTTP request.  Maybe they STARTED to make one and
> >disconnected mid-request.
> 
> Thanks for the reply, I may have been ambiguous in my email.
> The incoming firewall shows four hits and the outgoing shows
> one reply.  None of the Apache log files show any traffic
> to or from 200.4.193.240.  Would the outgoing traffic be present
> if they disconnected mid-request?
> 
> My security concern is that it appears that some message was sent
> to port 80 on the server, and that computer appears to have replied,
> but I can't see in the log files that Apache was the program that
> replied.  So what program on the server sent the outgoing message?
> 
> Thanks,
> Dave
> (I sent a similar reply earlier, but it hasn't surfaced yet)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
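
Added example, not part of the original thread: a Python sketch that cross-references firewall lines in the format quoted above against an Apache access log and lists clients that reached port 80 without any logged request, which is the situation described in the question. The Apache log line, the 198.51.100.7 client and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input. The first five firewall lines use the values quoted
# in the thread; the sixth line and the Apache entry are made up for contrast.
FIREWALL_LOG = """\
06/11/2001 19:19:59 200.4.193.240[3268] ==> 192.168.1.100[80]
06/11/2001 19:19:59 200.4.193.240[3268] ==> 192.168.1.100[80]
06/11/2001 19:20:00 200.4.193.240[3268] ==> 192.168.1.100[80]
06/11/2001 19:20:00 200.4.193.240[3268] ==> 192.168.1.100[80]
06/11/2001 19:19:59 192.168.1.100 ==> 200.4.193.240[3268]
06/11/2001 19:21:07 198.51.100.7[1045] ==> 192.168.1.100[80]
"""
APACHE_LOG = """\
198.51.100.7 - - [11/Jun/2001:19:21:07 -0400] "GET / HTTP/1.0" 200 1456
"""

# The bracketed port is optional: the outgoing line in the thread has no source port.
FW_LINE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) "
    r"(?P<src>[\d.]+)(?:\[(?P<sport>\d+)\])? ==> "
    r"(?P<dst>[\d.]+)(?:\[(?P<dport>\d+)\])?$"
)

def parse_firewall(text):
    """Yield one dict per firewall line; ports are None when the log omits them."""
    for line in text.splitlines():
        m = FW_LINE.match(line.strip())
        if m:
            yield m.groupdict()

def unlogged_clients(fw_text, apache_text, server="192.168.1.100", port="80"):
    """Return {client_ip: inbound_entry_count} for clients the firewall saw
    reaching server:port that have no entry in the Apache access log."""
    inbound = Counter(
        e["src"] for e in parse_firewall(fw_text)
        if e["dst"] == server and e["dport"] == port
    )
    # First field of a common-format access-log line is the client address.
    logged = {l.split()[0] for l in apache_text.splitlines() if l.strip()}
    return {ip: n for ip, n in inbound.items() if ip not in logged}

if __name__ == "__main__":
    for ip, n in unlogged_clients(FIREWALL_LOG, APACHE_LOG).items():
        print(f"{ip}: {n} inbound entries to port 80, no Apache request logged")
```

The parsed fields are date, time, addresses and ports only; nothing in this log format records the packet type, so the listing identifies which clients to capture traffic for rather than what was exchanged.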
