> From: suppressed [mailto:interchange-users- > suppressed On Behalf Of John1 > Sent: Sunday, November 20, 2005 5:56 AM > > On Sunday, November 20, 2005 1:30 PM, suppressed wrote: > > > Number of TCP and UDP connections for each IP, grouped by state > > 3 our_website's_IP CLOSE_WAIT > > 3 our_website's_IP FIN_WAIT2 > > 10 hackers_IP CLOSE_WAIT > > > > There were also another 6 connections where the foreign > > address was actually the same as local address i.e. both were the IP > > address > > of the website - I am not sure why localhost would have a connection > open > > to > > itself - I am intrigued, but I am sure it is not relevant to the server > > going down. > > > Ahh yes, I have just realised that the connections from localhost will be > Ron's "check if site is up" script which runs every minute as a cron job. > > BTW, I have noticed that Apache 1.3.34 has recently been released to fix a > security flaw: > > "If a request contains both Transfer-Encoding and Content-Length headers, > remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing > attacks." > > Could this be related to the website hanging? > > "mitigating some HTTP Request Splitting/Spoofing attacks" - I am not sure > exactly what this means - is it a "must do/urgent" upgrade? Thanks If we have the same issue then 1.34 will not resolve the problem. We have seen the site go down both with 1.33 and 1.34. At first I thought it was 1.34 causing the problem since we upgraded that a few weeks ago, but I downgraded and still had the issue. -Ron _______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.