I asked:
>My logs say someone's apparent 'cache' server is poking at the UDP echo port
(7) on my Web site. Is anyone aware of a WWW proxy or caching implementation
>that engages in this behavior?
The short answer is that the Harvest cache does this. A few folks commented
that I should have UDP echo disabled, in light of recent CERT advisories on
the topic. In point of fact, I do, and I noted the occurrences when I turned
on logging of denied packets in my border router.
Joe Ramey contributed some more detailed information:
http://excalibur.usc.edu/cache-html/subsection3_2_1.html#SECTION0002100000000000000
Additionally, a cache option can be enabled that tricks the
referenced URL's home site into implementing the resolution
protocol. When this option is enabled, the cache sends a ``hit''
message to the UDP echo port of the object's home machine. When the
object's home echoes this message, it looks to the cache like a hit,
as would be generated by a remote cache that had the object. This
option allows the cache to retrieve the object from the home site
if it happens to be closer than any of the sibling or parent
caches.
Thanks go out to:
"Axel Schneider" <axel @ osa . com . au>
Eric Wieling <ewieling @ hephaestus . icorp . net>
James R Grinter <jrg @ gbnet . net>
Jas (Matthew K) <matt @ maverick . itd . uts . edu . au>
Joe Ramey <ramey @ csc . ti . com>
Jonny Llama <llama @ ra1 . randomc . com>
Mustapha Obeid <musta @ eve . info . umoncton . ca>
Reagan Blundell <reagan @ opennet . net . au>
carson @ lehman . com
treahy @ ix . netcom . com (Barry Treahy)
--
Scott Hazen Mueller | scott @ zorch . SF-Bay . ORG or tandem!zorch!scott
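
An added example, not part of the original post: one way to pick the UDP echo probes described above out of a border router's denied-packet log and total them per source. The log lines are constructed, and the Cisco IOS access-list log style is an assumption, since the post does not name the router or its log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in Cisco IOS access-list log style (an assumption;
# the post does not say which router or log format was in use).
SAMPLE_LOG = """\
Mar  4 10:15:02 border %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.10(3130) -> 198.51.100.5(7), 1 packet
Mar  4 10:15:40 border %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(40112) -> 198.51.100.5(23), 1 packet
Mar  4 10:17:11 border %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.10(3130) -> 198.51.100.5(7), 3 packets
Mar  4 10:20:27 border %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.77(19) -> 198.51.100.5(7), 250 packets
Mar  4 10:21:00 border %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.44(53) -> 198.51.100.6(53), 1 packet
"""

DENY_RE = re.compile(
    r"denied (?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)
ECHO_PORT = 7
# Echo traffic whose source port is itself a UDP small service (echo 7,
# chargen 19) does not look like a cache's "hit" probe; flag it for review.
SMALL_SERVICE_PORTS = {7, 19}

def summarize_echo_probes(log_text):
    """Return {source_ip: summary} for denied UDP packets aimed at port 7."""
    summary = defaultdict(
        lambda: {"packets": 0, "entries": 0, "src_ports": set(), "targets": set()})
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or m["proto"] != "udp" or int(m["dport"]) != ECHO_PORT:
            continue  # not a denied UDP echo packet
        s = summary[m["src"]]
        s["packets"] += int(m["count"])
        s["entries"] += 1
        s["src_ports"].add(int(m["sport"]))
        s["targets"].add(m["dst"])
    for s in summary.values():
        s["small_service_source"] = bool(s["src_ports"] & SMALL_SERVICE_PORTS)
    return dict(summary)

if __name__ == "__main__":
    for src, s in sorted(summarize_echo_probes(SAMPLE_LOG).items()):
        print(src, s["packets"], "pkts,", s["entries"], "log entries,",
              "small-service source" if s["small_service_source"] else "ordinary source")
```
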