Jeff Trawick wrote: ~snip~
%a is supposed to be an IP address, so what IP address is "::"? I'm only somewhat familiar with IPv6 but I've never seen "::" before.http://en.wikipedia.org/wiki/IPv6_address#Notation One or any number of consecutive groups of zero value may be replaced with two colons. [ ... ] The localhost (loopback) address, 0:0:0:0:0:0:0:1, and the IPv6 unspecified address, 0:0:0:0:0:0:0:0, are reduced to ::1 and ::, respectively.and it is bogus to have the unspecified address as the client IP address
and if you check MS' RPC mechanism it uses 0.0.0.0 for the ip address to glom onto ANY available ip address. That suggests that the client giving the :: address is most likely a bot of some sort. it could be a legitimate bot for an rpc mechanism, or it could be [ seems more likely ] to be one meant to find an exploitable weakness.
or, the client could be using an anonymizer service before getting to the OPs site.
many reasons that it could be the ip unspecified address, only a few of which are cause for concern to the server admin.
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|