AOL "proxy" behavior?

From: Michael B. Morell (MMorellat_private)
Date: Mon Aug 19 2002 - 12:32:26 PDT

    I was wondering if anyone can verify a pattern that I just came across.

    While it appears that there was no attempted intrusion or invalid requests,
    one of my webservers reported very heavy incoming traffic for a specific /16.
    The netblock is owned by AOL (195.73.x.x/16).  I received about 20-30
    requests (albeit valid requests) from what looked like 20 sequential hosts
    from within that block.  Further inspection of the logs, though, showed that
    it was really from 1 session (validated thru aspsession identifier).

    So my question is, does anyone know whether or not this is some sort of
    valid AOL proxy behavior where a request for a single page can go thru
    multiple proxies?  Spawning multiple proxies to request information that
    generally only 1 proxy would get.  (i.e., a request for a web page resulted in
    3 different hosts getting different parts of the page, all off of the same
    aspsession id)

    Or am I just high?

    Like I said before, there were no invalid requests, port scans or anything
    else out of the ordinary, except that 1 page request spawned so many
    different hosts located in the same netblock requesting web services.

    I haven't seen this behavior before coming from AOL, or I just never
    realized it before.

    Thanks for the insight anyone has to offer.

    Michael B. Morell
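
The check described in the message above (many hosts in one netblock, one session identifier), as an added example that is not part of the original post: it groups requests by ASP session cookie and reports sessions seen from several addresses inside the same /16. The log layout, addresses, session values and the function name `sessions_across_hosts` are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample (not from the post): time, client IP, method, URI, cookie.
# 10.x addresses stand in for the real netblock; session values are made up.
SAMPLE_LOG = """\
12:30:01 10.73.4.11 GET /default.asp ASPSESSIONIDQQGGGPAB=KJHDLEMAAFOPCBNEJGIDHHPL
12:30:01 10.73.4.12 GET /images/logo.gif ASPSESSIONIDQQGGGPAB=KJHDLEMAAFOPCBNEJGIDHHPL
12:30:02 10.73.4.13 GET /styles/site.css ASPSESSIONIDQQGGGPAB=KJHDLEMAAFOPCBNEJGIDHHPL
12:30:05 10.20.9.7 GET /default.asp ASPSESSIONIDQQGGGPAB=PLHHDIGJENBCPOFAAMELDHJKA
12:30:06 10.20.9.7 GET /images/logo.gif ASPSESSIONIDQQGGGPAB=PLHHDIGJENBCPOFAAMELDHJKA
12:30:09 10.73.200.5 GET /default.asp -
"""

# Classic ASP session cookies are named ASPSESSIONID plus a suffix.
SESSION_RE = re.compile(r"ASPSESSIONID[A-Z]*=([A-Z]+)")


def sessions_across_hosts(log_text, prefix_len=16, min_hosts=2):
    """Return {session id: {netblock: [client IPs]}} for every session seen
    from at least min_hosts distinct addresses inside one netblock."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line
        match = SESSION_RE.search(fields[4])
        if not match:
            continue  # request carried no session cookie
        try:
            net = ipaddress.ip_network(f"{fields[1]}/{prefix_len}", strict=False)
        except ValueError:
            continue  # client field is not an IP address
        seen[match.group(1)][str(net)].add(fields[1])
    report = {}
    for sid, nets in seen.items():
        hits = {net: sorted(ips, key=ipaddress.ip_address)
                for net, ips in nets.items() if len(ips) >= min_hosts}
        if hits:
            report[sid] = hits
    return report


if __name__ == "__main__":
    for sid, nets in sessions_across_hosts(SAMPLE_LOG).items():
        for net, ips in nets.items():
            print(f"session {sid}: {len(ips)} hosts in {net}: {', '.join(ips)}")
```

A session that appears from many addresses in one block while every request is otherwise valid matches the pattern described in the message; the same grouping with a smaller `prefix_len` shows how widely the addresses are spread.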

    This archive was generated by hypermail 2b30 : Mon Aug 19 2002 - 13:51:29 PDT