Security Incidents: RE: strange apache log entry

["Kurc, Marcin A." <makurc () cooperstandard com>]

::1 = 127.0.0.1
ipv6     ipv4

nothing unusual, Apache is logging ipv6.

Marcin Kurc
CAD Systems Administrator
Cooper-Standard Automotive 

-----Original Message-----
From: narga () gmx net [mailto:narga () gmx net]
Sent: Saturday, August 10, 2002 11:50 AM
To: incidents () securityfocus com
Subject: strange apache log entry


Yesterday I saw this in my logs (apache 2.0.39 acces_log):
::1 - - [10/Aug/2002:00:25:56 +0200] "CONNECT :::2121 HTTP/1.1" 400 267
::1 - - [10/Aug/2002:00:33:31 +0200] "CONNECT :::2121 HTTP/1.1" 400 267

error_log:
[Sat Aug 10 00:25:56 2002] [error] [client ::1] request failed: error
reading the 
headers
[Sat Aug 10 00:33:31 2002] [error] [client ::1] request failed: error
reading the 
headers

It seems like someone wants to connect to my port 2121 through a proxy. The
strange 
thing is, that there isn't any ip. My firewall (SuSEfirewall, an ipchains
based 
firewall from suse), didn't log anything, snort didn't log anything too. I
wasn't 
able to reproduce this by sending the request manually to port 80.

My question: is this a bug in apache, or what else happened?

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com