Apache 1.1.1 wants to connect to 141.211.144.40

Apache 1.1.1 wants to connect to 141.211.144.40

Post by Al Youngwert » Sat, 14 Dec 1996 04:00:00



I just installed Apache 1.1.1 on a fresh Linux 2.0.25 kernel machine
setup with masquerading (kinda like NAT) and connected to the Internet
via a 28.8 modem with diald (an autodialer). The Linux firewall was
setup to block all incoming traffic below port 1024 (I tested this by
trying to telnet to port 80 from the Internet, it was denied). I was
using Apache in this case as an "intranet server".

I had one PC connected to the LAN that the linux box was on. I went to
test the new Apache server by opening up IE 3.0 on the PC. The IE 3.0
default page was www.microsoft.com, so the linux box fired up the dialer
to connect to the Internet before I could stop IE from loading the M$
page.

I connected IE to the linux Apache server and loaded a couple of pages
that we're on the local server. I went to get a cup of coffee and when I
came back, the linux box was still connected to the Internet (the dialer
should have timed out and disconnected by that point).

The dialer said it was keeping the connection alive because the Apache
server was communicating with the IP address 141.211.144.40 once per
minute. (Unfortunately, I didn't have tcpdump on the linux machine so I
couldn't see what it was sending). 141.211.144.40 is
www-personal.umich.edu. I've never been to this location, ever! What
ever connection it was making to this site was brief, because I never
caught it with a netstat. After about an hour of this, Apache stopped
connecting to this site and the dialer shutdown. Apache's access and
error logs showed nothing about connecting to the site 141.211.144.40.

The other interesting thing to note is that there we're a bunch of
masqueraded entries from the PC running IE 3.0 that showed it had tried
to connect to bogus IP addresses. I shut down IE right after I noticed
this problem and all the masq'd entries timed out but Apache kept
connecting.

Is there some code buried in Apache 1.1.1 that tries to send data to
this site? Is there a bug in IE 3.0 that might do this? I don't think
it's a virus, that PC is running the latest copy of McAffee.

I can add a firewall rule in my ip-up script to block this sort of thing
but I'd like to understand what's going on. Any advice to further
diagnose this problem is greatly appreciated.

TIA,

Al Youngwerth

P.S. I have the following modules loaded in Apache

LoadModule alias_module /usr/lib/apache/modules/mod_alias.so
LoadModule userdir_module /usr/lib/apache/modules/mod_userdir.so
LoadModule cgi_module /usr/lib/apache/modules/mod_cgi.so
LoadModule auth_module /usr/lib/apache/modules/mod_auth.so

 
 
 

1. Lilo "L 40 40 40 40 40 40..."

Greetings,

I have set up a Linux From Scratch system on a 1.2Gb Maxtor hard drive. It
works fine on my two Athlon systems, but when I put the drive in my Pentium
100, the system results in "L 40 40 40 40 40 40..." before showing the Lilo
menu.

My Lilo.conf contains the "lba32" entry which should mean this would work,
but it doesn't.

Any ideas?

Regards,
Jon

2. Problem with device installer package "module"

3. LILO saying "L 40 40 40 40 40 40..."

4. Help?? How can i mount the other partion at user??

5. Lilo spits "L 40 40 40 40"...

6. looking for linux embedded system

7. Wanted: at dialer for Boca Modem 144

8. Third party spoolers

9. Connecting Hayes SmartModem OPTIMA 144 to RS6K

10. Linux LILO Booting L 40 40 40...

11. JDK 141 and Jboss

12. sar out put error 0551-211

13. Just started and idle-time is 211 days!??