[Ukfreebsd] Portsnap Servers Problems
RW
rwmaillists at googlemail.com
Sat Jan 21 14:58:59 GMT 2012
On Sat, 21 Jan 2012 14:04:27 +0000
Sevan / Venture37 wrote:
> On 20/01/2012 22:10, Robert N. M. Watson wrote:
> > Hi Kevin:
> >
> > Colin reports that the portsnap server in question is running a
> > stock Apache install -- so really nothing or unusual at all. That
> > leads me to wonder (a) if Snort is doing something a bit odd or (b)
> > there's some proxy/cache/firewall between you and the portsnap
> > server that is manipulating the connection in a way that upsets
> > Snort?
> >
> > Robert
>
> Hiya,
> freebsd-update has a flag for use in environments with IDS's, does
> portsnap behave in any way similar to it which would require a
> similar feature?

I would presume that's to do with it updating binaries; the problem
here seems to be with missing HTTP headers. The portsnap server should
add either a Transfer-Encoding header or a Content-Length header
(although it's only a SHOULD rather than a MUST).

Presumably the header is either falling off in a proxy or Snort is
misreading it, since it is there:

$ wget -S http://portsnap1.FreeBSD.org/pub.ssl
--2012-01-21 14:48:08-- http://portsnap1.freebsd.org/pub.ssl
Resolving portsnap1.freebsd.org (portsnap1.freebsd.org)... 208.86.224.118
Connecting to portsnap1.freebsd.org (portsnap1.freebsd.org)|208.86.224.118|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2012 11:30:57 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.17 OpenSSL/0.9.8n DAV/2
Last-Modified: Sat, 21 Jan 2012 11:22:01 GMT
ETag: "e609b-1c3-4b7080194e840"
Accept-Ranges: bytes
Content-Length: 451
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain
Length: 451 [text/plain]
Saving to: `pub.ssl'
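
Added example (not part of the original post): one way to check whether a framing header is being lost between the server and an IDS sensor is to capture the response headers at both points and classify how each capture frames the body, following the HTTP/1.1 message-length rules. The function names and the second (stripped) sample are assumptions constructed for illustration; the first sample reuses headers from the wget output above.

```python
# Added example: classify HTTP/1.1 response body framing and compare two captures.
# SAMPLE_DIRECT reuses headers shown in the post; SAMPLE_STRIPPED is constructed.
SAMPLE_DIRECT = """HTTP/1.1 200 OK
Content-Length: 451
Connection: Keep-Alive
Content-Type: text/plain
"""
SAMPLE_STRIPPED = """HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: text/plain
"""

def parse_headers(raw):
    """Return (status_code, {lowercase-name: [values]}) from a raw header block."""
    lines = raw.replace("\r\n", "\n").strip().split("\n")
    status = int(lines[0].split()[1])            # "HTTP/1.1 200 OK" -> 200
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break                                 # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def body_framing(raw, head_request=False):
    """Say how a recipient must find the end of the response body."""
    status, h = parse_headers(raw)
    if head_request or status < 200 or status in (204, 304):
        return "no-body"
    codings = [c.strip().lower()
               for v in h.get("transfer-encoding", []) for c in v.split(",")]
    lengths = set(h.get("content-length", []))
    if codings:
        if lengths:
            return "conflicting"                  # both headers present: flag it
        return "chunked" if codings[-1] == "chunked" else "close-delimited"
    if len(lengths) > 1 or any(not v.isdigit() for v in lengths):
        return "invalid-content-length"
    if lengths:
        return "content-length:" + lengths.pop()
    return "close-delimited"                      # neither header: read until close

def headers_lost(origin_raw, sensor_raw):
    """Header names present in the first capture but absent from the second."""
    return sorted(set(parse_headers(origin_raw)[1]) - set(parse_headers(sensor_raw)[1]))
```

A "close-delimited" result at the sensor alongside "content-length:451" at the server points at something in the path removing the header rather than at the server.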