Vulnerability Development mailing list archives
Unauthorized outgoing connect caught by ZA
From: j nickson <jnickson () TOGETHER NET>
Date: Sun, 15 Oct 2000 10:08:22 -0400
Case History: Unauthorized request from workstation to connect to Akamai. I saw some unusual activity so I stopped *all* net programs and put Zone Alarm (2.1.25) into LOCK. A few *minutes* later I was rewarded with: -------------------------- The firewall has blocked Internet access to a388.g.akamai.net (63.160.183.233) (HTTP) from your computer. Time: 10/15/00 8:13:08 ----------------------------------
From me (!!!) to Akamai and NOTHING WAS RUNNING.
Another REALLY odd thing about this is that ZA listed no program.... This struck me as odd, so for comparison I then tried to netscape out and got the following message NOTE the additional program indentification material at the bottom. ---------------------------------------- Netscape Navigator application file tried to connect to the Internet (209.198.87.40), but was denied access by the Internet Lock. User: *********** Program: Netscape Navigator application file Time: 10/15/00 8:18:32 ---------------------------------------------- So who was sending what to Akamai? It was unauthorized, was it illegal? Actionable? I have explicitly added akamai to reject host lists in various filters and suggest others do likewise, however if it is sneaking below radar for "program name" it is further worrisome from infosec and infopriv concerns. If it is corporate sleazeware, what are the implications for previously secured workstations? I looked for akamai in clear text in all my files and only found logs of the event. Can anyone else replicate the event or shed more light on this? Win 98 SE, ZA J ------------------------------------------------- James Nickson, CDP voice: 603-256-8055 10 Merrifield, W. Chesterfield, NH, 03466-3131
Current thread:
- Unauthorized outgoing connect caught by ZA j nickson (Oct 15)
- Re: Unauthorized outgoing connect caught by ZA Vitaly McLain (Oct 16)
- Re: Unauthorized outgoing connect caught by ZA Leonardo Serni (Oct 16)
- Re: Unauthorized outgoing connect caught by ZA Christopher Palow (Oct 16)
- Re: Unauthorized outgoing connect caught by ZA Joe (Oct 16)
- Re: Unauthorized outgoing connect caught by ZA Scott D. Yelich (Oct 19)
- Re: Unauthorized outgoing connect caught by ZA Jonathan Rickman (Oct 20)