Re: Firewall shows 80 in/out, Apache shows nothing
On Mon, 11 Jun 2001, Deocs Postmaster wrote:

> The following is from my firewall log file:
>
> Incoming:
> 06/11/2001 19:19:59 200.4.193.240[3268] == 192.168.1.100[80]
> 06/11/2001 19:19:59 200.4.193.240[3268] == 192.168.1.100[80]
> 06/11/2001 19:20:00 200.4.193.240[3268] == 192.168.1.100[80]
> 06/11/2001 19:20:00 200.4.193.240[3268] == 192.168.1.100[80]
>
> Outgoing:
> 06/11/2001 19:19:59 192.168.1.100 == 200.4.193.240[3268]
>
> My Apache logs don't show any traffic for 200.4.193.240, but do show the
> other hit-by-hit traffic. This particular hit was from Peru. I recall
> seeing the same thing from China earlier. How did it go in and out, but
> not show up in any Apache log files?

Well, this has nothing to do with mod_ssl, but to answer your question, this
would happen anytime somebody connects to your server and disconnects before
making an actual HTTP request. Maybe they STARTED to make one and
disconnected mid-request.

--Cliff

--
Cliff Woolley
[EMAIL PROTECTED]
Charlottesville, VA
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                  [EMAIL PROTECTED]

Re: Firewall shows 80 in/out, Apache shows nothing
> On Mon, 11 Jun 2001, Deocs Postmaster wrote:
>
> > The following is from my firewall log file:
> >
> > Incoming:
> > 06/11/2001 19:19:59 200.4.193.240[3268] == 192.168.1.100[80]
> > 06/11/2001 19:19:59 200.4.193.240[3268] == 192.168.1.100[80]
> > 06/11/2001 19:20:00 200.4.193.240[3268] == 192.168.1.100[80]
> > 06/11/2001 19:20:00 200.4.193.240[3268] == 192.168.1.100[80]
> >
> > Outgoing:
> > 06/11/2001 19:19:59 192.168.1.100 == 200.4.193.240[3268]
> >
> > My Apache logs don't show any traffic for 200.4.193.240, but do show the
> > other hit-by-hit traffic. This particular hit was from Peru. I recall
> > seeing the same thing from China earlier. How did it go in and out, but
> > not show up in any Apache log files?
>
> Well, this has nothing to do with mod_ssl, but to answer your question,
> this would happen anytime somebody connects to your server and disconnects
> before making an actual HTTP request. Maybe they STARTED to make one and
> disconnected mid-request.

Thanks for the reply, I may have been ambiguous in my email.

The incoming firewall shows four hits and the outgoing shows one reply. None
of the Apache log files show any traffic to or from 200.4.193.240. Would the
outgoing traffic be present if they disconnected mid-request?

My security concern is that it appears that some message was sent to port 80
on the server, and that computer appears to have replied, but I can't see in
the log files that Apache was the program that replied. So what program on
the server sent the outgoing message?

Thanks,
Dave

(I sent a similar reply earlier, but it hasn't surfaced yet)

Re: Firewall shows 80 in/out, Apache shows nothing
Dave,

Unfortunately, those firewall logs are all but worthless as they don't detail
what type of packet is being sent and what the reply is, nor the source port
for the reply. Trying to ascertain what's going on here without real packet
data is akin to looking at railroad tracks and wondering which way the train
went.

--dsp

Deocs Postmaster wrote:

> > On Mon, 11 Jun 2001, Deocs Postmaster wrote:
> >
> > > The following is from my firewall log file:
> > >
> > > Incoming:
> > > 06/11/2001 19:19:59 200.4.193.240[3268] == 192.168.1.100[80]
> > > 06/11/2001 19:19:59 200.4.193.240[3268] == 192.168.1.100[80]
> > > 06/11/2001 19:20:00 200.4.193.240[3268] == 192.168.1.100[80]
> > > 06/11/2001 19:20:00 200.4.193.240[3268] == 192.168.1.100[80]
> > >
> > > Outgoing:
> > > 06/11/2001 19:19:59 192.168.1.100 == 200.4.193.240[3268]
> > >
> > > My Apache logs don't show any traffic for 200.4.193.240, but do show
> > > the other hit-by-hit traffic. This particular hit was from Peru. I
> > > recall seeing the same thing from China earlier. How did it go in and
> > > out, but not show up in any Apache log files?
> >
> > Well, this has nothing to do with mod_ssl, but to answer your question,
> > this would happen anytime somebody connects to your server and
> > disconnects before making an actual HTTP request. Maybe they STARTED to
> > make one and disconnected mid-request.
>
> Thanks for the reply, I may have been ambiguous in my email.
>
> The incoming firewall shows four hits and the outgoing shows one reply.
> None of the Apache log files show any traffic to or from 200.4.193.240.
> Would the outgoing traffic be present if they disconnected mid-request?
>
> My security concern is that it appears that some message was sent to port
> 80 on the server, and that computer appears to have replied, but I can't
> see in the log files that Apache was the program that replied. So what
> program on the server sent the outgoing message?
>
> Thanks,
> Dave
>
> (I sent a similar reply earlier, but it hasn't surfaced yet)
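
An added example, not part of the thread or of any poster's code: one way to list the peers that appear in a firewall log of the layout quoted above but never in the Apache access log, which is the pattern Cliff's explanation predicts for a connection dropped before a complete request. It assumes Apache writes Common Log Format; the 198.51.100.7 firewall line and the access-log sample are constructed, and the function names are illustrative.

```python
import re
from collections import Counter

# Firewall line layout as quoted in the thread: date time src[port] == dst[port]
FW_LINE = re.compile(
    r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} "
    r"(\d+\.\d+\.\d+\.\d+)(?:\[(\d+)\])? == "
    r"(\d+\.\d+\.\d+\.\d+)(?:\[(\d+)\])?$"
)
# Assumption: Apache writes Common Log Format, client address in the first field.
CLF_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "')

def inbound_peers(fw_text, server_ip, port=80):
    """Count firewall entries per remote address aimed at server_ip:port."""
    hits = Counter()
    for line in fw_text.splitlines():
        m = FW_LINE.match(line.strip())
        if m and m.group(3) == server_ip and m.group(4) == str(port):
            hits[m.group(1)] += 1
    return hits

def logged_clients(access_text):
    """Client addresses that got far enough for Apache to log a request."""
    matches = (CLF_LINE.match(l.strip()) for l in access_text.splitlines())
    return {m.group(1) for m in matches if m}

def silent_peers(fw_text, access_text, server_ip, port=80):
    """Peers the firewall saw on the port that have no access-log entry."""
    seen = logged_clients(access_text)
    hits = inbound_peers(fw_text, server_ip, port)
    return {ip: n for ip, n in hits.items() if ip not in seen}

# 200.4.193.240 lines are from the thread; the 198.51.100.7 line is constructed.
FIREWALL_LOG = """\
06/11/2001 19:19:59 200.4.193.240[3268] == 192.168.1.100[80]
06/11/2001 19:19:59 200.4.193.240[3268] == 192.168.1.100[80]
06/11/2001 19:20:00 200.4.193.240[3268] == 192.168.1.100[80]
06/11/2001 19:20:00 200.4.193.240[3268] == 192.168.1.100[80]
06/11/2001 19:19:59 192.168.1.100 == 200.4.193.240[3268]
06/11/2001 19:21:03 198.51.100.7[40112] == 192.168.1.100[80]
"""
# Constructed access-log sample (not from the thread).
ACCESS_LOG = """\
198.51.100.7 - - [11/Jun/2001:19:21:03 -0400] "GET / HTTP/1.0" 200 1456
"""

if __name__ == "__main__":
    for ip, n in silent_peers(FIREWALL_LOG, ACCESS_LOG, "192.168.1.100").items():
        print(f"{ip}: {n} firewall entries to port 80, no request logged")
```

A peer on this list only means no request was logged for it; as noted in the thread, telling what was actually exchanged needs packet data.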