Here Guys:
I believe that people who deployed NetScreen are quite sure in what they are
doing and a friendly notice should not sound like a complaint to you but instead
become a solid ground to understanding what could go wrong. Of course if they
proudly told you that they ARE using the
Hi Nash,
I'm not sure I really understand what you're up to. In any case, let me
clarify that my whole intention was to get a better understanding of
what had happened there. In the end, I don't want my server to produce
alarms at other people's sites. I tried to find the cause of the problem
on
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, July 21, 2006 12:43 AM
To: Clemens Renner
Cc: freebsd-security@freebsd.org
Subject: Re: Port scan from Apache?
Clemens Renner wrote:
Hi everyone,
today I got
Hello.
The version of a user (behind their firewall) visiting your site, and
badly configured stateful firewall timeout can be checked: just look at
the logs of your Apache.
But if it turns out that none of their users had touched your website at
that time, then I think one more reason is quite
Danil V. Gerun [EMAIL PROTECTED] wrote:
BTW, isn't it impossible for Apache (if it's running from non-root)
to make connections from his port 80?
Normally Apache doesn't make connections (unless you use
mod_proxy, and in that case it doesn't use port 80 as the
source port). It rather accepts
Clemens Renner [EMAIL PROTECTED] wrote:
thank you for your sympathy and your thorough comments. :) I had that
specific feeling when I read the mail for the first time. I'll try
reducing the keepalive time to get rid of further complaints.
Which means reducing the efficiency of your
On Wed, 19 Jul 2006 09:34:46 +0200 (CEST)
Oliver Fromme [EMAIL PROTECTED] wrote:
Danil V. Gerun [EMAIL PROTECTED] wrote:
BTW, isn't it impossible for Apache (if it's running from non-root)
to make connections from his port 80?
Normally Apache doesn't make connections (unless you use
Oliver Fromme wrote:
I'll try
reducing the keepalive time to get rid of further complaints.
Which means reducing the efficiency of your service for
_all_ users just because _one_ firewall admin has no clue.
I wouldn't do that.
In theory, you are right and it does sound like a bad
Clemens Renner wrote:
Hi everyone,
today I got an e-mail from a company claiming that my server is doing
port scans on their firewall machine. I found that hard to believe so
I started checking the box.
The company rep told me that the scan was originating at port 80 with
destination port
On Tuesday, 2006-07-18 at 18:11:50 +0200, Clemens Renner wrote:
[Root]system-alert-00016: Port scan! From $my-server-ip:80 to
$their-server-ip:8254, proto TCP (zone Untrust, int ethernet1). Occurred
1 times.
With IPFilter, I often see dangling FINs in the log. These occur when
the TCP
On Tue, Jul 18, 2006, Clemens Renner wrote:
today I got an e-mail from a company claiming that my server is doing
port scans on their firewall machine. I found that hard to believe so I
started checking the box.
Do you have mod_proxy or other modules with proxy functionality in your
web
Clemens Renner wrote:
Hi everyone,
today I got an e-mail from a company claiming that my server is doing
port scans on their firewall machine. I found that hard to believe so I
started checking the box.
The company rep told me that the scan was originating at port 80 with
destination port