Vulnerability Development mailing list archives
Re: Unauthorized outgoing connect caught by ZA
From: Leonardo Serni <sernil () TIN IT>
Date: Sun, 15 Oct 2000 22:13:37 +0200
At 10.08 15/10/00 -0400, j nickson <jnickson () TOGETHER NET> wrote:
> Case History: Unauthorized request from workstation to connect to Akamai.
>
> I saw some unusual activity so I stopped *all* net programs and put Zone Alarm (2.1.25) into LOCK. A few *minutes* later I was rewarded with:
>
> --------------------------
> The firewall has blocked Internet access to a388.g.akamai.net (63.160.183.233) (HTTP) from your computer.
Pardon me, but could it be that a (mostly) legitimate connection was severed and the OS itself took charge of closing the sockets (after a suitable time) so that Z.A. did actually intercept either a "dead connection" or an "anybody home?" packet?

Something of the kind happens to me all the time when surfing over *sloooow* web sites. Which are the majority, when seen from an Italian ISP line :-). The traffic goes down, the Linux box drops the connection. After seconds, or perhaps minutes, something on the Windows box awakens and sends out packets, which are dropped.

Leonardo