Anyone seeing a lot of these in their webserver logs?

208.202.180.4 - - [18/Sep/2001:11:19:31 -0700] "-" 408 -

I'm attempting to pattern match this on my cisco so I can drop the packets
at the front door. I can't seem to get a good pattern. Firing up snoop
yields:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 262 arrived at 11:35:57.88
ETHER: Packet size = 60 bytes
ETHER: Destination = 8:0:20:9d:e1:8a, Sun
ETHER: Source = 0:1:96:24:c2:41,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 40 bytes
IP: Identification = 19380
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 122 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 5ca8
IP: Source address = 208.178.66.12, 208.178.66.12
IP: Destination address = 208.178.117.2, Espresso.NEEBU.Net
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 3082
TCP: Destination port = 80 (HTTP)
TCP: Sequence number = 1100924065
TCP: Acknowledgement number = 2712346555
TCP: Data offset = 20 bytes
TCP: Flags = 0x10
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 8760
TCP: Checksum = 0x6128
TCP: Urgent pointer = 0
TCP: No options
TCP:
HTTP: ----- HTTP: -----
HTTP:
HTTP: ""
HTTP:

 0: 0800 209d e18a 0001 9624 c241 0800 4500 .. ......$.A..E.
16: 0028 4bb4 4000 7a06 5ca8 d0b2 420c d0b2 .(K.@.z.\...B...
32: 7502 0c0a 0050 419e c4a1 a1ab 1fbb 5010 u....PA.......P.
48: 2238 6128 0000 0000 0000 0000 "8a(........

--
/*====================[ Jake Khuon <khuon@GBLX.Net> ]======================+
 | Chief Global Data Network Management Architect /~_ |_ () |3 /-\ |_ |
 | VOX: +1 (425) 391-2262 Fax: +1 (425) 391-6772 \_| C R O S S I N G |
 +=============[ 900 4th. Ave., Floor 12, Seattle, WA 98164 ]=============*/
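
Added example, not part of the original post: the Python code below decodes the 60-byte frame from the snoop hex dump in the message above and reports how many bytes are TCP payload and how many are Ethernet padding, which is what decides whether a content-based filter has anything to match on. The function name decode_frame and the result keys are hypothetical; the hex words are copied from the dump.

```python
import socket
import struct

# Hex words copied from the snoop dump in the post (offset and ASCII columns dropped).
FRAME_HEX = """
0800 209d e18a 0001 9624 c241 0800 4500
0028 4bb4 4000 7a06 5ca8 d0b2 420c d0b2
7502 0c0a 0050 419e c4a1 a1ab 1fbb 5010
2238 6128 0000 0000 0000 0000
"""

# TCP flag bits 0..5 of the flags byte, lowest bit first.
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]


def decode_frame(hex_text):
    """Decode an Ethernet II / IPv4 / TCP frame given as whitespace-separated hex."""
    frame = bytes.fromhex("".join(hex_text.split()))
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet II / IPv4 frame")
    ip = frame[14:]                       # everything after the Ethernet header
    ihl = (ip[0] & 0x0F) * 4              # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6 or ihl < 20 or not ihl + 20 <= total_len <= len(ip):
        raise ValueError("not a complete TCP/IPv4 datagram")
    tcp = ip[ihl:total_len]               # TCP segment, bounded by IP total length
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4         # TCP header length in bytes
    if not 20 <= data_off <= len(tcp):
        raise ValueError("bad TCP data offset")
    flags = tcp[13] & 0x3F
    return {
        "src": socket.inet_ntoa(ip[12:16]),
        "dst": socket.inet_ntoa(ip[16:20]),
        "sport": sport,
        "dport": dport,
        "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)],
        "payload_len": len(tcp) - data_off,   # application bytes in the segment
        "padding_len": len(ip) - total_len,   # bytes past the IP datagram (Ethernet pad)
    }


if __name__ == "__main__":
    for key, value in decode_frame(FRAME_HEX).items():
        print(f"{key:12} {value}")
```

For this frame the decoder reports an ACK-only segment with no payload; the six trailing zero bytes lie outside the 40-byte IP datagram and are Ethernet padding.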