I see 172.165.x.x addresses spoofed (probably by accident, by 
people who meant to type 172.16.x.x) that if this were connectionless 
traffic, I wouldn't leap to blame AOL for it.  But having an 
established TCP connection makes it much more likely that this really 
is from them....

DG


On 11 Sep 2001, at 17:38, william.wells wrote:

> My PC is loaded with intrusion detection and other types of software. For
> the first time, AOL has tripped one of those alarms. The message indicated
> that a connection from AOL's system 172.165.224.93 (ACA5E05D.ipt.aol.com)
> attempted to scan my PC on port 80 with the URL of:
>   GET /default.ida?XXXXXXXXX...XXX%u9090%u685......
> 
> I've currently got AOL disabled at my firewall as a result. Normally, the
> firewall only lets ports 5190 out and only to AOL's systems. The implication
> of this is that, once connected to AOL, they allow both inbound and outbound
> connections. The system (172.165.224.93) also isn't one of the permitted IP
> addresses for which the firewall will allow connections to. A traceroute,
> however, clearly showed that the packet went through AOL's adapter running
> on Windows.
> 
> Comments?
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
> 

