Security Incidents mailing list archives
Re: AOL "proxy" behavior?
From: Jeff Jirsa <jeff () unixconsults com>
Date: Mon, 19 Aug 2002 14:08:30 -0700 (PDT)
On Mon, 19 Aug 2002, Michael B. Morell wrote:
The netblock is owned by AOL (195.73.x.x/16). I received about 20-30 requests (albeit valid requests) from what looked like 20 sequential hosts from within that block. Further inspection of the logs though showed that it was from really 1 session (validated thru aspsession identifier). So my question is, does anyone know whether or not that this is some sort of valid AOL proxy behavior where a request for a single page can go thru multiple proxies? Spawning multiple proxies to request information that generally only 1 proxy would get. (ie, a request for a web page resulted in 3 different hosts getting different parts of the page, all off of the same aspsession id)
Completely normal. From one of the sites I administer (in standard apache combined format) : cache-rc02.proxy.aol.com - - [17/Aug/2002:21:03:27 -0700] "GET / HTTP/1.0" cache-rc01.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file1.jpg HTTP/1.0" cache-rg04.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file2.jpg HTTP/1.0" cache-rg03.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file3.jpg HTTP/1.0" cache-rm04.proxy.aol.com - - [17/Aug/2002:21:03:35 -0700] "GET /file4.jpg HTTP/1.0" cache-rm05.proxy.aol.com - - [17/Aug/2002:21:03:36 -0700] "GET /menu2.swf HTTP/1.0" cache-rc08.proxy.aol.com - - [17/Aug/2002:21:03:46 -0700] "GET /file6.jpg HTTP/1.0" I've trimmed the referrer and useragent fields, but they seem to be valid as well. - Jeff Jirsa -- Jeff Jirsa jeff () unixconsults com -- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- AOL "proxy" behavior? Michael B. Morell (Aug 19)
- Re: AOL "proxy" behavior? Mike Arnold (Aug 20)
- Re: AOL "proxy" behavior? Jeff Jirsa (Aug 20)
- Re: AOL "proxy" behavior? Kurt Seifried (Aug 20)