Re: AOL "proxy" behavior?
From: Jeff Jirsa (jeff@unixconsults.com)
Date: 08/19/02
Date: Mon, 19 Aug 2002 14:08:30 -0700 (PDT)
From: Jeff Jirsa <jeff@unixconsults.com>
To: "Michael B. Morell" <MMorell@vdat.com>

On Mon, 19 Aug 2002, Michael B. Morell wrote:
> The netblock is owned by AOL (195.73.x.x/16). I received about 20-30
> requests (albeit valid requests) from what looked like 20 sequential hosts
> from within that block. Further inspection of the logs though showed that
> it was from really 1 session (validated thru aspsession identifier).
>
> So my question is, does anyone know whether or not that this is some sort of
> valid AOL proxy behavior where a request for a single page can go thru
> multiple proxies? Spawning multiple proxies to request information that
> generally only 1 proxy would get. (ie, a request for a web page resulted in
> 3 different hosts getting different parts of the page, all off of the same
> aspsession id)
>
Completely normal. From one of the sites I administer (in standard Apache
combined format):

cache-rc02.proxy.aol.com - - [17/Aug/2002:21:03:27 -0700] "GET / HTTP/1.0"
cache-rc01.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file1.jpg HTTP/1.0"
cache-rg04.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file2.jpg HTTP/1.0"
cache-rg03.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file3.jpg HTTP/1.0"
cache-rm04.proxy.aol.com - - [17/Aug/2002:21:03:35 -0700] "GET /file4.jpg HTTP/1.0"
cache-rm05.proxy.aol.com - - [17/Aug/2002:21:03:36 -0700] "GET /menu2.swf HTTP/1.0"
cache-rc08.proxy.aol.com - - [17/Aug/2002:21:03:46 -0700] "GET /file6.jpg HTTP/1.0"

I've trimmed the referrer and useragent fields, but they seem to be valid
as well.
- Jeff Jirsa
--Jeff Jirsa jeff@unixconsults.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more
information on this free incident handling, management and tracking system
please see: http://aris.securityfocus.com
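
Added example, not part of the original message or the list archive: one way to check logs for the pattern discussed in this thread, by grouping requests per session id and seeing whether the client hosts behind one session all share a single origin (the same /16 netblock or the same parent domain, as with the proxy farm above) or come from unrelated networks. The trailing "sid=" log field, the sample lines and the function names are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: combined-style lines with a trailing quoted session id
# (an assumed custom log field; the logs in the post do not show one).
SAMPLE_LOG = '''\
cache-rc02.proxy.aol.com - - [17/Aug/2002:21:03:27 -0700] "GET / HTTP/1.0" 200 5120 "sid=A1"
cache-rc01.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file1.jpg HTTP/1.0" 200 900 "sid=A1"
cache-rg04.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file2.jpg HTTP/1.0" 200 900 "sid=A1"
192.0.2.10 - - [17/Aug/2002:21:04:01 -0700] "GET / HTTP/1.0" 200 5120 "sid=B2"
192.0.2.10 - - [17/Aug/2002:21:04:02 -0700] "GET /file1.jpg HTTP/1.0" 200 900 "sid=B2"
198.51.100.7 - - [17/Aug/2002:21:05:10 -0700] "GET / HTTP/1.0" 200 5120 "sid=C3"
dialup-44.example.net - - [17/Aug/2002:21:09:55 -0700] "GET /account HTTP/1.0" 200 700 "sid=C3"
'''

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "sid=(?P<sid>[^"]+)"$')

def origin_group(host):
    """Coarse origin: the /16 for an IP address, else the name minus its first label."""
    try:
        return str(ipaddress.ip_network(f"{host}/16", strict=False))
    except ValueError:  # not an IP literal, treat as a resolved hostname
        return host.split(".", 1)[1] if "." in host else host

def classify_sessions(log_text):
    """Map each session id to (verdict, sorted list of client hosts)."""
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines without a session field are skipped
            hosts[m["sid"]].add(m["host"].lower())
    result = {}
    for sid, seen in hosts.items():
        groups = {origin_group(h) for h in seen}
        if len(seen) == 1:
            verdict = "single-host"
        elif len(groups) == 1:
            verdict = "same-origin-multi-host"  # the proxy-farm pattern in this thread
        else:
            verdict = "mixed-origin"            # one session, unrelated networks
        result[sid] = (verdict, sorted(seen))
    return result

if __name__ == "__main__":
    for sid, (verdict, seen) in classify_sessions(SAMPLE_LOG).items():
        print(sid, verdict, ", ".join(seen))
```

A "mixed-origin" verdict is only a prompt to look closer; the /16 and parent-domain grouping is a deliberately coarse heuristic.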