Hi Rob, i asked about this a ways back and got nada from the group but here's what I have learnt since:
The unix experts where I work could not really explain it to me but did show what was happening. lots of web sites have one address as a front door that you first connect to and they then redirect the connection to those same ports that were opened but from another IP address. I think its so that they can have specific IPs deal with specific requests. I also get this all the time in my log. It seems to be mainly associated with secure transactions but not always. Amazon certainly does it as does hotmail. The part I don't understand is why there is not some kind of redirection message sent back to our hosts so that they can open up the connection from our end. I tried to track if there was any RIP messages associated but didn't trap any. Also I was thinking that there might be some tricky way to set a filter that would allow redirects but only from the same IP block. Not sure what the security implicationjs of that would be... perhaps some knowledgable person here can help us gain insight.... -- On Sat, 26 Feb 2000 11:49:13 Rob Genovesi wrote: >Send postings to: [EMAIL PROTECTED] >Access the list archives at: >http://www.gnatbox.com/gb-users/ >---------------------------------- >My turn to ask .... why do so many webservers try to make connections back >to the clients? My logfile fills up with plenty of the such: > >Feb 26 11:44:50 dslNAT.coastside.net FILTER: Remote access filter blocks: >TCP ed1 [208.202.218.144/80]->[63.196.11.50/41152] l=0 f=0x11. >Feb 26 11:44:52 dslNAT.coastside.net FILTER: Remote access filter blocks: >TCP ed1 [208.202.218.144/80]->[63.196.11.50/41059] l=1460 f=0x10. >Feb 26 11:44:52 dslNAT.coastside.net FILTER: Remote access filter blocks: >TCP ed1 [208.202.218.144/80]->[63.196.11.50/41059] l=837 f=0x19. > >Any guesses as to what is happening here? The site in question here is >amazon.com, but I get messages like this from all over the place. > >Thanks, > > Rob > >---------------------------------------------- >To Unsubscribe: send mail to [EMAIL PROTECTED] >with "unsubscribe gb-users your_email_address >in the body of the message > --== Sent via Deja.com http://www.deja.com/ ==-- Share what you know. Learn what you don't.
