Vulnerability Development mailing list archives

AOL 8.0 and discover.xml


From: "Louie M." <neural () cerebrallab com>
Date: Wed, 02 Apr 2003 19:14:07 -0800

A few employees recently installed AOL 8.0 on their PCs here at work and access AOL over our company's T1 connection. Since then I noticed that a few machines on our network were making port 80 requests to our firewall. All machines on our network have the firewall set as the internet gateway machine. ippl reported this:

Apr 1 13:04:33 http connection attempt from 192.168.1.12 (192.168.1.12:1112->192.168.1.1:80)
Apr 1 13:08:19 http connection attempt from 192.168.1.16 (192.168.1.16:3599->192.168.1.1:80)
Apr 1 13:17:49 http connection attempt from 192.168.1.12 (192.168.1.12:1165->192.168.1.1:80)
Apr 1 13:51:30 http connection attempt from 192.168.1.12 (192.168.1.12:1289->192.168.1.1:80)

I confirmed that the request was made when the user signed onto their AOL account. I have apache running on the firewall so that I can use demarc to view the snort logs. I checked the apache logs and found this in my error_log:

[Tue Apr 1 13:04:35 2003] [error] [client 192.168.1.12] File does not exist: /var/www/htdocs/aol/discover.xml
[Tue Apr 1 13:08:19 2003] [error] [client 192.168.1.16] File does not exist: /var/www/htdocs/aol/discover.xml
[Tue Apr 1 13:17:49 2003] [error] [client 192.168.1.12] File does not exist: /var/www/htdocs/aol/discover.xml
[Tue Apr 1 13:51:30 2003] [error] [client 192.168.1.12] File does not exist: /var/www/htdocs/aol/discover.xml

Does anyone know what discover.xml does for AOL and why AOL is looking for it on the gateway machine?

The only thing I can think of is that maybe this is similar to how MSN Messenger used SSDP to talk to the firewall to request access to the outside world. I personally use Linux as my DSL router at home, so I'm unfamiliar with commercial home routers, but I'm aware that they usually have a web interface to configure them, and maybe discover.xml might be on these routers to auto-configure port 5190 so that AOL can talk to its server without any configuration by the user.

A google search didn't turn up anything other than a few logs with similar requests. If anyone could shed some light on this, it would be much appreciated.
------------------------------------------------------------------------
Neural Nightmare               "It's like Kung-fu lesson for your brain"
Head Mad Scientist                           http://www.cerebrallab.com/
neural () cerebrallab com
------------------------------------------------------------------------
PGP Fingerprint 7F13 8F0D 8F29 C375 4C2B 4570 57D1 83E1
PGP Public Key available at http://www.cerebrallab.com/publickey.php
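The correlation the poster did by hand (matching each ippl "http connection attempt" against the Apache error_log 404 for /aol/discover.xml from the same client a second or two later) can be scripted. The following is an added example, not code from the post or from AOL; the log lines are constructed to match the two formats quoted above (plus one unrelated favicon.ico miss as a negative case), the year is supplied by the caller because ippl lines carry none, and the 5-second match window is an assumption. It reports which clients made the request and how long after the TCP connection the file was requested; it does not say what discover.xml is for, which the post leaves open.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input modelled on the ippl lines quoted in the post.
# The last line is an unrelated client, added as a negative case.
IPPL_LOG = """Apr 1 13:04:33 http connection attempt from 192.168.1.12 (192.168.1.12:1112->192.168.1.1:80)
Apr 1 13:08:19 http connection attempt from 192.168.1.16 (192.168.1.16:3599->192.168.1.1:80)
Apr 1 13:17:49 http connection attempt from 192.168.1.12 (192.168.1.12:1165->192.168.1.1:80)
Apr 1 13:51:30 http connection attempt from 192.168.1.12 (192.168.1.12:1289->192.168.1.1:80)
Apr 1 14:02:10 http connection attempt from 192.168.1.20 (192.168.1.20:2001->192.168.1.1:80)"""

# Constructed sample input modelled on the Apache error_log lines quoted in the post.
APACHE_ERROR_LOG = """[Tue Apr 1 13:04:35 2003] [error] [client 192.168.1.12] File does not exist: /var/www/htdocs/aol/discover.xml
[Tue Apr 1 13:08:19 2003] [error] [client 192.168.1.16] File does not exist: /var/www/htdocs/aol/discover.xml
[Tue Apr 1 13:17:49 2003] [error] [client 192.168.1.12] File does not exist: /var/www/htdocs/aol/discover.xml
[Tue Apr 1 13:51:30 2003] [error] [client 192.168.1.12] File does not exist: /var/www/htdocs/aol/discover.xml
[Tue Apr 1 14:02:11 2003] [error] [client 192.168.1.20] File does not exist: /var/www/htdocs/favicon.ico"""

# \s+ after the month tolerates the double space syslog-style loggers use for single-digit days.
IPPL_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"http connection attempt from \S+ "
    r"\((?P<sip>[\d.]+):(?P<sport>\d+)->(?P<dip>[\d.]+):(?P<dport>\d+)\)$"
)
APACHE_RE = re.compile(
    r"^\[[A-Z][a-z]{2} (?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<year>\d{4})\] "
    r"\[error\] \[client (?P<client>[\d.]+)\] File does not exist: (?P<path>\S+)$"
)


def _ts(mon, day, time, year):
    return datetime.strptime(f"{mon} {day} {year} {time}", "%b %d %Y %H:%M:%S")


def parse_ippl(text, year):
    """Parse ippl connection-attempt lines. ippl logs no year, so the caller supplies it (assumption)."""
    conns = []
    for line in text.splitlines():
        m = IPPL_RE.match(line.strip())
        if not m:
            continue
        conns.append({"ts": _ts(m["mon"], m["day"], m["time"], year),
                      "src": m["sip"], "sport": int(m["sport"]),
                      "dst": m["dip"], "dport": int(m["dport"])})
    return conns


def parse_apache_errors(text):
    """Parse 'File does not exist' entries from an Apache 1.3-style error_log."""
    errs = []
    for line in text.splitlines():
        m = APACHE_RE.match(line.strip())
        if not m:
            continue
        errs.append({"ts": _ts(m["mon"], m["day"], m["time"], m["year"]),
                     "client": m["client"], "path": m["path"]})
    return errs


def correlate(ippl_text, apache_text, year, path_suffix="/aol/discover.xml",
              window=timedelta(seconds=5)):
    """Pair each 404 for path_suffix with a port-80 connection from the same client
    within `window` (assumed 5 s). Returns one record per matched request."""
    conns = parse_ippl(ippl_text, year)
    hits = []
    for err in parse_apache_errors(apache_text):
        if not err["path"].endswith(path_suffix):
            continue
        for c in conns:
            if c["src"] == err["client"] and c["dport"] == 80 and abs(c["ts"] - err["ts"]) <= window:
                hits.append({"client": err["client"], "sport": c["sport"],
                             "connect_ts": c["ts"], "request_ts": err["ts"],
                             "delay_s": (err["ts"] - c["ts"]).total_seconds()})
                break  # one connection per request
    return hits


def per_client(hits):
    """Count matched discover.xml requests per client IP."""
    counts = {}
    for h in hits:
        counts[h["client"]] = counts.get(h["client"], 0) + 1
    return counts


if __name__ == "__main__":
    matched = correlate(IPPL_LOG, APACHE_ERROR_LOG, year=2003)
    for h in matched:
        print(f"{h['client']}:{h['sport']} connected {h['connect_ts']:%H:%M:%S}, "
              f"requested discover.xml {h['delay_s']:.0f}s later")
    print(per_client(matched))
```

Pointing the script at the real /var/log/ippl and /var/log/httpd/error_log files (read them instead of the embedded strings) gives the same per-client view; the favicon.ico miss from 192.168.1.20 is deliberately left unmatched so that only the discover.xml probes are counted.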


