Vulnerability Development mailing list archives
Re: Unauthorized outgoing connect caught by ZA
From: Christopher Palow <palow () CMU EDU>
Date: Sun, 15 Oct 2000 19:38:57 -0400
Since akamai delivers web content for a good deal of popular sites, including yahoo.com, blocking akamai might not be advisable. Why don't you check their client list and see if you had visited one of their clients recently? Maybe that'd help you in your investigation.

Christopher Palow
Junior
Electrical and Computer Engineering
Carnegie Mellon University

At 10:08 AM 10/15/2000 -0400, you wrote:
Case History: Unauthorized request from workstation to connect to Akamai.

I saw some unusual activity so I stopped *all* net programs and put Zone Alarm (2.1.25) into LOCK. A few *minutes* later I was rewarded with:

--------------------------
The firewall has blocked Internet access to a388.g.akamai.net (63.160.183.233) (HTTP) from your computer.
Time: 10/15/00 8:13:08
----------------------------------

From me (!!!) to Akamai and NOTHING WAS RUNNING. Another REALLY odd thing about this is that ZA listed no program....

This struck me as odd, so for comparison I then tried to netscape out and got the following message. NOTE the additional program identification material at the bottom.

----------------------------------------
Netscape Navigator application file tried to connect to the Internet (209.198.87.40), but was denied access by the Internet Lock.
User: ***********
Program: Netscape Navigator application file
Time: 10/15/00 8:18:32
----------------------------------------------

So who was sending what to Akamai? It was unauthorized, was it illegal? Actionable?

I have explicitly added akamai to reject host lists in various filters and suggest others do likewise, however if it is sneaking below radar for "program name" it is further worrisome from infosec and infopriv concerns. If it is corporate sleazeware, what are the implications for previously secured workstations?

I looked for akamai in clear text in all my files and only found logs of the event. Can anyone else replicate the event or shed more light on this?

Win 98 SE, ZA

J
-------------------------------------------------
James Nickson, CDP
voice: 603-256-8055
10 Merrifield, W. Chesterfield, NH, 03466-3131