On Sunday, November 20, 2005 1:30 PM, suppressed wrote:
Ahh yes, I have just realised that the connections from localhost will be Ron's "check if site is up" script which runs every minute as a cron job.Number of TCP and UDP connections for each IP, grouped by state 3 our_website's_IP CLOSE_WAIT 3 our_website's_IP FIN_WAIT2 10 hackers_IP CLOSE_WAIT There were also another 6 connections where the foreignaddress was actually the same as local address i.e. both were the IP address of the website - I am not sure why localhost would have a connection open to itself - I am intrigued, but I am sure it is not relevant to the server going down.
BTW, I have noticed that Apache 1.3.34 has recently been released to fix a security flaw:
"If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks."
Could this be related to the website hanging?"mitigating some HTTP Request Splitting/Spoofing attacks" - I am not sure exactly what this means - is it a "must do/urgent" upgrade? Thanks
___________________________________________________________ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com
_______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.