Apache question

To: debian-isp@lists.debian.org, debian-security@lists.debian.org
Subject: Apache question
From: Eduard Ballester <ballester@ipsistemas.com>
Date: Wed, 12 Nov 2003 13:48:40 +0100
Message-id: <[🔎] 3FB22C28.7010605@ipsistemas.com>

Hi

We have a lot of strange log entry in our NetScreen FireWall:
------------------------------------------------

Nov 12 11:42:51 172.20.125.1 NSNAME: NetScreen device_id=NSNAME[MYISP]system-notification-00257(traffic): start_time="2003-11-1211:42:10" duration=0 policy_id=51 service=tcp/port:20158 proto=6 srczone=Trust-XXX dst zone=Untrust action=Deny sent=0 rcvd=0src=62.XX.YYY.ZZZ dst=80.58.50.239 src_port=80 dst_port=20158

------------------------------------------------

* 62.XX.YYY.ZZZ is a server with Apache1.3.x that it only serves staticpages.

* All the NICs have Public IP Address.


Internet
  |
  |
NetScreen
  |
  |
Alteon(load balance)
  |_____________________
  |       |       |     |
Apache1  ...           ApacheN

Do you know why Apache has this behavior? Why Apache initiates theconnections with src_port 80 and random dst_port?


Thanks in advance

Reply to:

Follow-Ups:
- Re: Apache question
  - From: Lukas Ruf <ruf@rawip.org>
- Re: Apache question
  - From: Lars Ellenberg <l.g.e@web.de>
- Re: Apache question
  - From: fra-ds-no-spam@tourde.org (François TOURDE)
- Re: Apache question
  - From: Jay Kline <debian-security.list@slushpupie.com>

Prev by Date: Re: tiger stops sending reports
Next by Date: Re: Apache question
Previous by thread: Re: tiger stops sending reports
Next by thread: Re: Apache question
Index(es):
- Date
- Thread