On Fri, 2005-02-25 at 20:10 +1100, Andrew Bartlett wrote:
> On Tue, 2005-02-15 at 00:13 +0100, Henrik Nordstrom wrote:
> > On Tue, 15 Feb 2005, Andrew Bartlett wrote:
> >
> > > I'm not sure (and I won't be onsite today). The other details are:
> > >
> > > Client: Mozilla Firefox (post 1.0 snapshot)
> > > Authenticated with NTLM
> > >
> > > This is over the past 2 weeks worth of logs, so I'm not sure if it
> > > happens 'often' (and I've yet trawled the logs for a 'normal' case on
> > > this URL).
> >
> > Just to be sure you may want to upgrade to 2.5.STBLE8 (and maybe the
> > released critical bugfix at the same time). There was a HTTP protocol
> > corruption bugfix between 2.5.STABLE8-RC4 and 2.5.STABLE8, and a critical
> > old bug discovered just after the release.
> >
> > >From an inital analysis it does not look like the HTTP protocol corruption
> > bug could possibly trigger on this object however, and cerainly not in a
> > manner triggering the given symptoms.. but you never know.
>
> After updating to STABLE8 and the post-patches, I got another in my mail
> today, and it's always the same site:
>
> 1109296746.064 9824 xxxxxxxx.client.internal.hawkerc.net
> TCP_MISS/179897680 1618 GET
> http://pimg.163.com/search_js/so_sports_icon.gif xxxxxxx
> DIRECT/61.177.95.40 text/html
Just an interesting note - I've just seen this on all 3 client
platforms. WinXP (MSIE), Win2k (firefox) and Linux (Mozilla 1.7). The
mozilla client isn't doing NTLM (ident or basic auth).
Andrew Bartlett
-- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:04 MST
