Vulnerability Development mailing list archives
Re: Unauthorized outgoing connect caught by ZA
From: Joe <joe () blarg net>
Date: Mon, 16 Oct 2000 06:51:33 -0700
On Sun, 15 Oct 2000, j nickson wrote:
Case History: Unauthorized request from workstation to connect to Akamai. I saw some unusual activity so I stopped *all* net programs and put Zone Alarm (2.1.25) into LOCK. A few *minutes* later I was rewarded with: -------------------------- The firewall has blocked Internet access to a388.g.akamai.net (63.160.183.233) (HTTP) from your computer.
And it's totally harmless and blocking Akamai.net is definitely not the solution. Next time, do a 'netstat -a' and see if your previous HTTP connections are fully closed before hitting the panic button. The reason no application was associated with the access is because it was probably a normal TCP keepalive packet (or a FIN-ACK packet, or any one of a number of other possible NORMAL tcp packets that occur long after the initial connection is closed out.) And Akamai does not make client-side applications. They have a massive, extremely high-speed distributed caching network where "really big sites" (Like Yahoo.com) stick their content so that when you type in 'www.yahoo.com' you end up at one of Akamai's cache servers instead.
I have explicitly added akamai to reject host lists in various filters and suggest others do likewise,
Please don't make suggestions like this until you understand how TCP based connections on the internet actually work. -- Joe Technical Support General Support: support () blarg net Blarg! Online Services, Inc. Voice: 425/401-9821 or 888/66-BLARG http://www.blarg.net
Current thread:
- Unauthorized outgoing connect caught by ZA j nickson (Oct 15)
- Re: Unauthorized outgoing connect caught by ZA Vitaly McLain (Oct 16)
- Re: Unauthorized outgoing connect caught by ZA Leonardo Serni (Oct 16)
- Re: Unauthorized outgoing connect caught by ZA Christopher Palow (Oct 16)
- Re: Unauthorized outgoing connect caught by ZA Joe (Oct 16)
- Re: Unauthorized outgoing connect caught by ZA Scott D. Yelich (Oct 19)
- Re: Unauthorized outgoing connect caught by ZA Jonathan Rickman (Oct 20)