Re: [squid-users] Strange source-IP-addresses in access.log

From: Joe Cooper <joe@dont-contact.us>
Date: Thu, 28 Mar 2002 05:16:57 -0600

Boosten, Peter wrote:

> I seem to have been a bit premature: The problem even got worse.
> Now we've got, instead of one strange IP-address, several strange (mostly
> random) IP-addresses in our logfiles. Only one IP-address shows some
> resemblance with the IP-address we've discovered earlier (it used to be
> 132.120.4.8, now it is 96.120.4.8).
>
> The other IP-addresses are mostly non-existing IP-addresses (those
> starting/ending with zero):
>
> Now this quote:
> # # More likely the site is making HTTP calls back to your proxy for some
> # # reason.
>
> isn't valid anymore (it wasn't to begin with), because none of the
> IP-addresses (as well as the original trouble-IP-address) host webservers.
>
> How about other people start checking the IP-addresses in their logs?

I doubt that will bear any fruit. If this were a common situation
dating all the way back to Squid 2.4STABLE2, we would have heard about
it long ago from everybody and their brother. Nope, this isn't a common
Squid 'bug', if it is a Squid bug at all rather than a network
configuration issue.

(And I can say that it doesn't impact any of the 30+ servers that I
maintain.)

> Disclaimer
> 1. This e-mail is for the intended recipient only. If you have received it
> by mistake please let us know by reply and then delete it from your system;
> access, disclosure, copying, distribution or reliance on any of it by anyone
> else is prohibited.
>
> 2. If you as intended recipient have received this e-mail incorrectly,
> please notify the sender (via e-mail) immediately. This e-mail is
> confidential and may be legally privileged. DSM does not guarantee that the
> information sent and/or received by or with this e-mail is correct and does
> not accept any liability for damages related thereto.

Top secret emails, eh?

-- 
Joe Cooper <joe@swelltech.com>
http://www.swelltech.com
Web Caching Appliances and Support
Received on Thu Mar 28 2002 - 04:19:09 MST
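
Added example, not part of the original thread and not Squid's own code: one way to run the log check discussed above, tallying client addresses in a native-format access.log that start with a zero octet, end with a zero octet, or fall outside the networks your clients are expected to use. The `EXPECTED_NETS` value and every log line in `SAMPLE_LOG` are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the networks your real clients live in; replace with your own.
EXPECTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")  # reserved, never a real client

# Constructed sample in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1017314217.101    120 10.20.3.17 TCP_MISS/200 4312 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1017314218.202     85 0.12.34.56 TCP_MISS/200 910 GET http://example.com/a.gif - DIRECT/192.0.2.10 image/gif
1017314219.303     90 0.12.34.56 TCP_HIT/200 910 GET http://example.com/a.gif - NONE/- image/gif
1017314220.404    240 198.51.100.0 TCP_MISS/200 2048 GET http://example.com/b - DIRECT/192.0.2.10 text/html
1017314221.505     60 203.0.113.9 TCP_MISS/304 230 GET http://example.com/c - DIRECT/192.0.2.10 -
1017314222.606     75 10.20.3.17 TCP_HIT/200 4312 GET http://example.com/ - NONE/- text/html
"""

def classify(client):
    """Return the reasons a client field looks wrong (empty list if it looks fine)."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return ["not-an-ip"]  # hostname (log_fqdn on) or a corrupted field
    reasons = []
    if addr.version == 4 and addr in THIS_NETWORK:
        reasons.append("first-octet-zero")
    if addr.version == 4 and addr.packed[-1] == 0:
        reasons.append("last-octet-zero")
    if not any(addr.version == net.version and addr in net for net in EXPECTED_NETS):
        reasons.append("outside-expected-nets")
    return reasons

def audit(lines):
    """Map each suspicious client address to (request count, reasons)."""
    hits, why = Counter(), {}
    for line in lines:
        fields = line.split()
        if len(fields) < 10:
            continue  # truncated line or not the native format
        reasons = classify(fields[2])  # third field is the client address
        if reasons:
            hits[fields[2]] += 1
            why[fields[2]] = reasons
    return {client: (count, why[client]) for client, count in hits.items()}

if __name__ == "__main__":
    for client, (count, reasons) in sorted(audit(SAMPLE_LOG.splitlines()).items()):
        print(f"{client:15} {count:5}  {', '.join(reasons)}")
```

A last octet of zero is only a hint, since it can be a valid host address in networks larger than a /24; the first-octet-zero and outside-expected-nets results are the ones to compare against packet captures or firewall logs for the same timestamps.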
