1 Reply Latest reply on Mar 14, 2014 11:04 AM by Jon Scholten

    255.255.255.255 as source ip in access log

    itagsupport

      Hi everybody,

       

      in the access.log, we discovered that for certain URLs the source ip is 255.255.255.255:

       

      [12/Mar/2014:07:42:42 +0100] "e6063" 255.255.255.255 200 "GET http://www.cellartracker.com/sbbi/?sbbpg=cprcs HTTP/1.1" "Software/Hardware" "Minimal Risk" "image/png" 420 803 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; Tablet PC 2.0)" "" "0"

       

      [12/Mar/2014:13:20:23 +0100] "e6495" 255.255.255.255 200 "GET http://www.manta.com/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 307 2941 "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0" "" "0"

       

      [14/Mar/2014:08:21:51 +0100] "lga3051" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 461 965 "Mozilla/5.0 (compatible; MSIE 9.0; W ndows NT 6.1; WOW64; Trident/5.0)" "" "0"

      [14/Mar/2014:08:25:05 +0100] "vpa1709" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 461 1198 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0" "" "0"

       

      We saw this at different customers with 7.3.2.3 and 7.3.2.6.

      All the different URL have the same subsite "/sbbi/?sbbpg=cprcs".

       

      BUT: if you access the URL directly, my correct ip is in the log:

       

      [root@sec-gate01 access.log]# grep "/sbbi/?sbbpg=cprcs" access.log

      [14/Mar/2014:08:21:51 +0100] "lga3051" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 461 965 "Mozilla/5.0 (compatible; MSIE 9.0; W ndows NT 6.1; WOW64; Trident/5.0)" "" "0"

      [14/Mar/2014:08:25:05 +0100] "vpa1709" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 461 1198 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0" "" "0"

      [14/Mar/2014:08:31:59 +0100] "" 255.255.255.255 407 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "" "-" "" 5144 1930 "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0 " "" "0"

      [14/Mar/2014:08:31:59 +0100] "" 255.255.255.255 407 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "" "-" "" 5157 2014 "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0 " "" "0"

      [14/Mar/2014:08:31:59 +0100] "gpa1660" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 456 2382 "Mozilla/5.0 (compatible; MSIE 9.0;  indows NT 6.1; WOW64; Trident/5.0)" "" "0"

      [14/Mar/2014:09:01:12 +0100] "enu1420" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 460 951 "Mozilla/5.0 (compatible; MSIE 9.0; W ndows NT 6.1; WOW64; Trident/5.0)" "" "0"

      [14/Mar/2014:09:12:42 +0100] "ita9000" 172.22.2.10 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 655 328 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2 .0) Gecko/20100101 Firefox/22.0" "" "0"

      [14/Mar/2014:09:19:03 +0100] "" 172.22.2.10 407 "GET http://www.manta.com/sbbi/?sbbpg=cprcs HTTP/1.1" "" "-" "" 5138 324 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0" "" "0"

      [14/Mar/2014:09:19:03 +0100] "" 172.22.2.10 407 "GET http://www.manta.com/sbbi/?sbbpg=cprcs HTTP/1.1" "" "-" "" 5151 408 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0" "" "0"

      [14/Mar/2014:09:19:03 +0100] "ita9000" 172.22.2.10 407 "GET http://www.manta.com/sbbi/?sbbpg=cprcs HTTP/1.1" "" "-" "" 5145 788 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/2 .0" "" "0"

      [14/Mar/2014:09:19:03 +0100] "" 172.22.2.10 407 "GET http://www.manta.com/sbbi/?sbbpg=cprcs HTTP/1.1" "" "-" "" 5151 408 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0" "" "0"

      [14/Mar/2014:09:19:03 +0100] "ita9000" 172.22.2.10 200 "GET http://www.manta.com/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 340 764 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22. ) Gecko/20100101 Firefox/22.0" "" "0"

      [14/Mar/2014:10:16:30 +0100] "lab1484" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 460 1205 "Mozilla/5.0 (compatible; MSIE 9.0;  indows NT 6.1; WOW64; Trident/5.0)" "" "0"

      [14/Mar/2014:11:01:58 +0100] "sew1659" 255.255.255.255 200 "GET http://www.manta.com/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 340 2798 "Mozilla/5.0 (compatible; MSIE 9.0; Wi dows NT 6.1; WOW64; Trident/5.0)" "" "0"

      [14/Mar/2014:11:05:51 +0100] "fge1930" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 461 1497 "Mozilla/5.0 (compatible; MSIE 9.0;  indows NT 6.1; WOW64; Trident/5.0)" "" "0"

      [14/Mar/2014:11:09:41 +0100] "tgi1783" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 461 1114 "Mozilla/5.0 (compatible; MSIE 9.0;  indows NT 6.1; WOW64; Trident/5.0)" "" "0"

      [14/Mar/2014:11:36:32 +0100] "lsk1747" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 460 1656 "Mozilla/5.0 (compatible; MSIE 9.0;  indows NT 6.1; WOW64; Trident/5.0)" "" "0"

      [14/Mar/2014:11:57:54 +0100] "vpa1709" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 461 1211 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0" "" "0"

      [14/Mar/2014:12:09:20 +0100] "anp1877" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 460 1087 "Mozilla/5.0 (compatible; MSIE 9.0;  indows NT 6.1; WOW64; Trident/5.0)" "" "0"

      [14/Mar/2014:13:27:01 +0100] "vpa1709" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 460 1199 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0" "" "0"

      [14/Mar/2014:15:25:28 +0100] "fge1930" 255.255.255.255 200 "GET http://www.homegate.ch/sbbi/?sbbpg=cprcs HTTP/1.1" "Business" "Minimal Risk" "image/png" 461 1513 "Mozilla/5.0 (compatible; MSIE 9.0;  indows NT 6.1; WOW64; Trident/5.0)" "" "0"

      [root@sec-gate01 access.log]#

       

      Does anybody know, where and why this 255. ip is coming from?

       

      TIA!

       

      Andreas