Firewall Wizards mailing list archives
Re: Does this look familiar?
From: "S. Jonah Pressman" <jonah () istar ca>
Date: Sat, 11 Dec 1999 21:10:52 -0500
Brad:

1) The IP address you specified points to a host called "ADS2". The traceroute, indeed, does point to a client of exodus.net.

2) As for the traffic on tcp/17027, you may be interested in a partnership that exists between Conducent Technologies and the PKWARE (PK-Zip) people. It's a partnership by which unregistered software can be subsidized with the inclusion of advertising banners. In short, certain versions of PKZIP contain an "ad server" that downloads advertising to your host... click counts on the advertising banners are sent back to Conducent. For a summary, see http://www.pkware.com/sponsors.html

My advice is to deny the traffic on tcp/17027 and not even log it.

Securely Yours,
Jonah
I have two interesting traffic patterns showing up on my firewall logs:

1. A few inside machines trying to initiate connections to IP addresses (216.33.199.78 for example) administered by somebody called Exodus.com on port 17027.

2. A number of external IP addresses trying to connect to my firewall on port 113 (Authentication Service?)

I would like to know if anyone else has seen this and has any explanation. The firewall is blocking the 17027 connects and notifying me of the strangeness, but that is because we recently changed firewalls and significantly tightened the rules on outbound connections. I'm half tempted to open the service and sniff the traffic that happens over the connection.

Any advice/insight would be greatly appreciated.

Brad MacQuarrie