Identical traffic

Posted by Walter White on Server Fault See other posts from Server Fault or by Walter White
Published on 2010-06-08T15:14:54Z Indexed on 2010/06/08 15:23 UTC
Read the original article Hit count: 501

Hi all,

I am running an application server and logging all requests for analysis purposes later. One interesting trend I noticed last night was, I had a visitor from Texas on FIOS share identical traffic with bluecoat in California.

What would cause the traffic to be identical? For every request the visitor made, bluecoat made one subsequently within milliseconds of his request. If it is caching, why would there be identical requests? Wouldn't it go through the cache / proxy on their end, and I would only see the proxied request?

I'm just curious, this is an interesting pattern that shows similarities of a DDoS attack, but with far fewer resources. Is it possible that the visitor had malware on their computer?

Any other ideas?

Walter

© Server Fault or respective owner

Related posts about security

Related posts about proxy