From owner-freebsd-isp  Wed Feb  2 22: 3:12 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from almazs.pacex.net (almazs.pacex.net [204.1.219.156])
	by builder.freebsd.org (Postfix) with ESMTP id 76F494251
	for <freebsd-isp@freebsd.org>; Wed,  2 Feb 2000 22:03:08 -0800 (PST)
Received: from localhost (danielb@localhost)
	by almazs.pacex.net (8.9.3/8.9.3) with ESMTP id WAA61426
	for <freebsd-isp@freebsd.org>; Wed, 2 Feb 2000 22:03:14 -0800 (PST)
Date: Wed, 2 Feb 2000 22:03:14 -0800 (PST)
From: daniel B <danielb@pacex.net>
To: freebsd-isp@freebsd.org
Subject: Weird Apache access log files
Message-ID: <Pine.BSF.4.10.10002022149560.61385-100000@almazs.pacex.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi Felas;
I was going through some of the access log for one of our website and I
get a lot of these:

205.188.209.244 - - [02/Feb/2000:07:49:37 -0800] "GET / HTTP/1.0" 200 6146
205.188.209.244 - - [02/Feb/2000:07:49:37 -0800] "GET / HTTP/1.0" 200 6146
205.188.209.244 - - [02/Feb/2000:07:49:38 -0800] "GET / HTTP/1.0" 200 6146
.
.
.

205.188.209.240 - - [02/Feb/2000:11:56:25 -0800] "GET / HTTP/1.0" 200 6146
205.188.209.240 - - [02/Feb/2000:11:56:25 -0800] "GET / HTTP/1.0" 200 6146
205.188.209.240 - - [02/Feb/2000:11:56:26 -0800] "GET / HTTP/1.0" 200 6146
.
.
.
now look at this:
1-lm     6144/udp   #StatSci License Manager - 1
statsci2-lm     6145/tcp   #StatSci License Manager - 2
statsci2-lm     6145/udp   #StatSci License Manager - 2
lonewolf-lm     6146/tcp   #Lone Wolf Systems License Manager
lonewolf-lm     6146/udp   #Lone Wolf Systems License Manager
montage-lm      6147/tcp   #Montage License Manager
montage-lm      6147/udp   #Montage License Manager
ricardo-lm      6148/tcp   #Ricardo North America License Manager
ricardo-lm      6148/udp   #Ricardo North America License Manager
xdsxdm          6558/tcp
xdsxdm          6558/udp
acmsoda         6969/tcp
acmsoda         6969/udp
afs3-fileserver 7000/tcp   #file server itself
afs3-fileserver 7000/udp   #file server itself
:q!
% login danielb
Password:
Last login: Wed Feb  2 15:00:21 on ttyv4
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.

FreeBSD 3.4-RC (AL-KERNEL) #0: Sat Dec 18 12:27:28 PST 1999
  PINE 4.10   COMPOSE MESSAGE                       Folder: INBOX  4
Messages

.
.
.

205.188.209.240 - - [02/Feb/2000:11:56:25 -0800] "GET / HTTP/1.0" 200 6146
205.188.209.240 - - [02/Feb/2000:11:56:25 -0800] "GET / HTTP/1.0" 200 6146
205.188.209.240 - - [02/Feb/2000:11:56:26 -0800] "GET / HTTP/1.0" 200 6146
.
.
.
now look at this:
	% nslookup 205.188.209.244


	Name:    stress-dt03.proxy.aol.com
	Address:  205.188.209.244

and;
	% nslookup 205.188.209.240


	Name:    cache-dt12.proxy.aol.com
	Address:  205.188.209.240

These requests are realy flooding my webserver should I block the above
two IPs at the firewall? what is aol trying to do??


Thanks 

Dan



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message