Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 2 Feb 2000 22:03:14 -0800 (PST)
From:      daniel B <danielb@pacex.net>
To:        freebsd-isp@freebsd.org
Subject:   Weird Apache access log files
Message-ID:  <Pine.BSF.4.10.10002022149560.61385-100000@almazs.pacex.net>

next in thread | raw e-mail | index | archive | help
Hi Felas;
I was going through some of the access log for one of our website and I
get a lot of these:

205.188.209.244 - - [02/Feb/2000:07:49:37 -0800] "GET / HTTP/1.0" 200 6146
205.188.209.244 - - [02/Feb/2000:07:49:37 -0800] "GET / HTTP/1.0" 200 6146
205.188.209.244 - - [02/Feb/2000:07:49:38 -0800] "GET / HTTP/1.0" 200 6146
.
.
.

205.188.209.240 - - [02/Feb/2000:11:56:25 -0800] "GET / HTTP/1.0" 200 6146
205.188.209.240 - - [02/Feb/2000:11:56:25 -0800] "GET / HTTP/1.0" 200 6146
205.188.209.240 - - [02/Feb/2000:11:56:26 -0800] "GET / HTTP/1.0" 200 6146
.
.
.
now look at this:
1-lm     6144/udp   #StatSci License Manager - 1
statsci2-lm     6145/tcp   #StatSci License Manager - 2
statsci2-lm     6145/udp   #StatSci License Manager - 2
lonewolf-lm     6146/tcp   #Lone Wolf Systems License Manager
lonewolf-lm     6146/udp   #Lone Wolf Systems License Manager
montage-lm      6147/tcp   #Montage License Manager
montage-lm      6147/udp   #Montage License Manager
ricardo-lm      6148/tcp   #Ricardo North America License Manager
ricardo-lm      6148/udp   #Ricardo North America License Manager
xdsxdm          6558/tcp
xdsxdm          6558/udp
acmsoda         6969/tcp
acmsoda         6969/udp
afs3-fileserver 7000/tcp   #file server itself
afs3-fileserver 7000/udp   #file server itself
:q!
% login danielb
Password:
Last login: Wed Feb  2 15:00:21 on ttyv4
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.

FreeBSD 3.4-RC (AL-KERNEL) #0: Sat Dec 18 12:27:28 PST 1999
  PINE 4.10   COMPOSE MESSAGE                       Folder: INBOX  4
Messages

.
.
.

205.188.209.240 - - [02/Feb/2000:11:56:25 -0800] "GET / HTTP/1.0" 200 6146
205.188.209.240 - - [02/Feb/2000:11:56:25 -0800] "GET / HTTP/1.0" 200 6146
205.188.209.240 - - [02/Feb/2000:11:56:26 -0800] "GET / HTTP/1.0" 200 6146
.
.
.
now look at this:
	% nslookup 205.188.209.244


	Name:    stress-dt03.proxy.aol.com
	Address:  205.188.209.244

and;
	% nslookup 205.188.209.240


	Name:    cache-dt12.proxy.aol.com
	Address:  205.188.209.240

These requests are realy flooding my webserver should I block the above
two IPs at the firewall? what is aol trying to do??


Thanks 

Dan



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10002022149560.61385-100000>