RE: Need some help please...

Tue, 27 Apr 1999 18:17:16 -0700 

Seems like their Cacheflow proxy servers are giving you a bad header. I
think it's not a coincidence that all three of the IP's you listed at
machines utilizing the Cacheflow proxy technology. I doubt you are being
attacked.

I wouldn't worry about these particular errors at all. Worst case
scenario, the browsers at the other end aren't able to attatch to your
web server, and the person they complain to is the person administering
the Cacheflow device. Then someone else is responsible for getting rid
of the problem.

If you want to take action, I would use a DNS-lookup (nslookup, or
various tools) to find a technical contact name and call the person and
report the errors. That may help them properly configure their devices.

Dave Shackelford
IP Network Engineer
MCSE, MCT, MA
[EMAIL PROTECTED]
(714) 872-2344
'Good, Fast, Cheap. Pick two.'

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 27, 1999 9:38 AM
> To: [EMAIL PROTECTED]
> Subject: Need some help please...
> 
> 
> To all,
>     Please forgive me if this is not appropriate for this 
> list, but the
> webmaster group doesn't have a clue about security.
> 
>     I've been seeing the following in my http error logs lately:
> 
>             [Mon Apr 19 18:30:28 1999] RP3: Info: The request header
> 'XXXXXXXXXXXXXXX' is not formatted correctly.  This request 
> header will
> be skipped.
> 
> The error message is always exactly the same.
> 
> There has been no "one" IP address that's been sending this.  
> Neither is
> there any consistency (i.e. time, day of week, etc.)
> 
> But, about 95% of the time it comes from the following addresses:
> 
> cacheflow1.gw.utexas.edu [129.116.78.130]
> 
> flowbie2-outside.csc.com [192.251.173.34]
> 
> cacheflow.insync.net [209.113.31.202]
> 
> Question:  Is someone trying to blow up my CGI stuff?
>                 Is this something that certain browsers just "send"
> along with valid requests?  (like favicon.ico showing up 
> because a IE5.0
> sets me as a favorite)
> 
> Please help folks.
> 
> Thanks in advance,
> Michael Sorbera
> Webmaster/security guy/network engineer/whatever else needs to be
> done...
> Randolph-Brooks Federal Credit Union
> 
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to