RE: Weird Incoming IP's and port numbers.

From: NESTING, DAVID M (SBCSI) (dn3723@sbc.com)
Date: 08/27/01 

Message-ID: <B165A21236E7D411A8B90002A52C5871E49DB9@msgstl08.sbc.com>
From: "NESTING, DAVID M (SBCSI)" <dn3723@sbc.com>
To: incidents@securityfocus.com
Subject: RE: Weird Incoming IP's and port numbers.
Date: Mon, 27 Aug 2001 16:47:43 -0500

This looks to me like a badly configured HTTP server farm. You're probably
hitting a web site that passes the request back to a set of servers using
RFC1918 addresses. These servers should in theory either proxy their
results back through the same path, or be NAT'd back to the source IP that
you were attempting to connect to.

I've seen this pretty frequently with a few web hosting companies.
Fortunately the connection attempt keeps retransmitting and I eventually get
through to a server that responds from the correct source IP. Every time
I've noticed this I've e-mailed the provider and have never gotten a
response. I don't recall the name of the site, but it was reasonably
high-profile. I wonder if it's the same provider you're hitting.

Does this sound consistent?

David

-----Original Message-----
From: West P. [mailto:god-admin@home.com]
Sent: Sunday, August 26, 2001 21:21
To: incidents@securityfocus.com
Subject: Weird Incoming IP's and port numbers.

DATE TIME SCR SCR_PORT DEST DEST_PORT
08/25/2001 13:24:52 192.168.1.8 80 <my ip address> 3976
08/25/2001 19:04:42 192.168.1.16 80 <my ip address> 4319
08/25/2001 23:25:38 192.168.1.9 80 <my ip address> 4450

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Relevant Pages

  • Re: Configuring SBS to allow Remote Access
    ... definitely will continue to host the website elsewhere as ... pointing to the SBS server. ... >Port 80 does not need to be opened just to use RRW. ... >else host your web site or but the web site on a ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: sbs 2008 - no Internet access possible to 2nd server
    ... IIS can have security flaws and if your webserver gets compromised, it is better to have that server on its own network so the baddies don't get back to your LAN. ... I have had clients, in the past insist that I use the 'free' port forwarding setup. ... Agree with Larry that it is not a good practice to publish web site in the ...
    (microsoft.public.windows.server.sbs)
  • Re: WWW Server(WXP Pro) -- Error on Default Web Sites
    ... Please try changing the site to use another port ... Start a Web Site ... I get "unable to start debugging on the web server. ... I have uninstalled and reinstalled IIS to no effect. ...
    (microsoft.public.windows.server.setup)
  • RE: SBS 2003 Reporting - error message
    ... I have an SBS server with the same issue and tried Crina's suggestion below ... We have a web site that is running on port 80 so I changed ... If I change the DWS back to port 80, ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: ASP.NET Website Project
    ... To specify the Web server for an already-created Web site, ... development server starts and it assigns a random port to the web ...
    (microsoft.public.dotnet.framework.aspnet)