RE: Possible variant of Blaster/Nachi/Welchia? (more)

["David Gillett" <gillettdavid () fhda edu>]

  I haven't seen this phenomenon recently, but 3-4 years ago 
I was routinely seeing AOL IP addresses show up our corporate 
LAN, especially Monday morning.  The MAC addresses would 
*usually* trace back to a laptop that someone had taken home
over the weekend, but not always.

David Gillett


> -----Original Message-----
> From: Jeff Kell [mailto:jeff-kell () utc edu]
> Sent: September 26, 2003 16:05
> To: Incidents
> Subject: Re: Possible variant of Blaster/Nachi/Welchia? (more)
>
>
> The best answer I have heard thus far came from Jon Lewis 
> <jlewis () lewis org> who said:
>
> > Dialup doesn't have to be involved.  Apparently the AOL 
> software when used 
> > across the internet gives the user's PC an AOL IP address, and for 
> > whatever reason, packets sourced from that address will 
> leak out the PC's 
> > ethernet without going through whatever sort of tunnel the 
> AOL software 
> > sets up.  On the private network where I helped track it 
> down, it was 
> > upsetting their firewall, which thought the packets were spoofed.
>
> Since we haven't confirmed this yet on the affected systems here, can 
> anyone lend any further credence or details on the AOL leakage theory?
>
> If true, it doesn't cast a very bright (pun?) light on AOL software.
>
> Jeff
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------