Security Incidents mailing list archives

Re: foreign HTTP requests


From: sevo () IP23 NET (Sevo Stille)
Date: Tue, 20 Jun 2000 14:33:08 +0200


Daniel Docekal wrote:

Well, ideas are always present - imho it is a bug in the O/S resolver which keeps
somehow and sometimes sending requests to the "previous" visited web site - what
bugs me is that this is NOT particular to some browser nor some platform.
Since we are getting THOUSANDS of these requests a day (we run a web with some
million hits a day) I have tried to look for a pattern in UserAgent - and
there is none. This bug is in Netscape/Microsoft as well as in
Unix/Windows....

Which makes a client error less likely. It may mean it is a problem with
proxies, load balancers, some DNS, or your routers. The latter would
imply that the address on at least one side is local to you, which is
reasonably easy to verify. DNS errors might be harder to check - but
lookups on the local DNS of the affected clients ought to give a
misdirection to your site at least in some instances, if you do them
reasonably close to the event. To eliminate proxies (or to put a name to
the responsible software), you could log the proxy via's. If it should
be a transparent proxy or load distributor, that won't help though.

Sevo

--
sevo () ip23 net
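
Added example, not part of the original message: one way to act on the suggestion above to log the proxy Via headers, counting requests for sites that are not yours per Via hop so a responsible proxy stands out. The log layout (with Host and Via fields), the hostnames in OUR_HOSTS and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Assumption: the hostnames this server legitimately serves (hypothetical names).
OUR_HOSTS = {"www.example.com", "example.com"}

# Assumed log layout: client [time] "request" status "Host" "Via" "User-Agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
    r'"(?P<host>[^"]*)" "(?P<via>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 [20/Jun/2000:14:01:02 +0200] "GET / HTTP/1.0" 200 "www.example.com" "-" "Mozilla/4.7 [en] (WinNT; I)"
198.51.100.7 [20/Jun/2000:14:01:05 +0200] "GET /a.html HTTP/1.0" 404 "www.other.example" "1.0 cache1.isp.example (Squid/2.3.STABLE1)" "Mozilla/4.7 [en] (X11; U; Linux)"
198.51.100.7 [20/Jun/2000:14:01:09 +0200] "GET /cart HTTP/1.0" 404 "shop.other.example:80" "1.0 cache1.isp.example (Squid/2.3.STABLE1)" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"
203.0.113.5 [20/Jun/2000:14:02:11 +0200] "GET /news HTTP/1.0" 404 "news.third.example" "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"
198.51.100.9 [20/Jun/2000:14:02:30 +0200] "GET / HTTP/1.0" 200 "www.example.com" "1.0 cache1.isp.example" "Mozilla/4.7 [en] (WinNT; I)"
203.0.113.77 [20/Jun/2000:14:03:02 +0200] "GET /b.gif HTTP/1.1" 404 "www.other.example" "1.1 inner.corp.example, 1.0 cache1.isp.example" "Mozilla/4.7 [en] (WinNT; I)"
"""

def via_proxies(via):
    """Return the proxy names from a Via value such as '1.0 cache1.isp.example (Squid/2.3)'."""
    if via in ("", "-"):
        return ["(no Via header)"]
    names = []
    for hop in via.split(","):
        parts = hop.split()  # each hop: protocol-version received-by [comment]
        if len(parts) >= 2:
            names.append(parts[1].lower())
    return names or ["(unparsed Via)"]

def foreign_by_proxy(log_text):
    """Count requests whose Host header is not one of ours, keyed by each Via hop."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        host = m.group("host").lower().split(":")[0]  # drop an optional :port
        if host in OUR_HOSTS or host in ("", "-"):  # ours, or no Host header to judge by
            continue
        for proxy in via_proxies(m.group("via")):
            counts[proxy] += 1
    return counts

if __name__ == "__main__":
    for proxy, n in foreign_by_proxy(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {proxy}")
```

As the message notes, a transparent proxy or load distributor adds no Via header, so its misdirected requests all fall into the "(no Via header)" bucket and have to be traced another way.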


