group,
i happened to be running tcpdup -i eth0 this a.m. just to see what is
going on outside of my firewall. i noticed my firewall accessing an
adserver in the aol.com domain. i cannot figure out what process is
causing this to continue. i used tcpdump and netstat to the fullest of
my ability but i am not abole to figure out why this adserver is being
accessed from my firewall. i tcpdump-ed eth1 to see it a machine behind
the firewall is responsible for this connection but there is no traffic
(other than nfs and dhcp) while this is occuring. a snapshot of tcpdump
-i eth0 is:
13:22:44.840202 ool-182d9afe.dyn.optonline.net.36324 >
ads.web.aol.com.www: . ack 1 win 5840 (DF)
13:22:44.840615 ool-182d9afe.dyn.optonline.net.36324 >
ads.web.aol.com.www: P 1:626(625) ack 1 win 5840 (DF)
13:22:44.870409 ads.web.aol.com.www >
ool-182d9afe.dyn.optonline.net.36324: P 1:529(528) ack 626 win 16384
13:22:44.870535 ool-182d9afe.dyn.optonline.net.36324 >
ads.web.aol.com.www: . ack 529 win 6432 (DF)
13:22:44.898214 ads.web.aol.com.www >
ool-182d9afe.dyn.optonline.net.36324: F 529:529(0) ack 626 win 16384
13:22:44.898465 ool-182d9afe.dyn.optonline.net.36324 >
ads.web.aol.com.www: F 626:626(0) ack 530 win 6432 (DF)
13:22:44.918583 ads.web.aol.com.www >
ool-182d9afe.dyn.optonline.net.36324: . ack 627 win 16384
13:22:44.939887 ool-182d9afe.dyn.optonline.net.36325 >
ads.web.aol.com.www: S 649319853:649319853(0) win 5840 <mss
1460,sackOK,timestamp 564576546 0,nop,wscale 0> (DF)
13:22:44.959122 ads.web.aol.com.www >
ool-182d9afe.dyn.optonline.net.36325: S 48373874:48373874(0) ack
649319854 win 16384 <mss 1360>
13:22:44.959256 ool-182d9afe.dyn.optonline.net.36325 >
ads.web.aol.com.www: . ack 1 win 5840 (DF)
13:22:44.959832 ool-182d9afe.dyn.optonline.net.36325 >
ads.web.aol.com.www: P 1:760(759) ack 1 win 5840 (DF)
13:22:44.984117 ads.web.aol.com.www >
ool-182d9afe.dyn.optonline.net.36325: P 1:86(85) ack 760 win 16384
13:22:44.984244 ool-182d9afe.dyn.optonline.net.36325 >
ads.web.aol.com.www: . ack 86 win 5840 (DF)
13:22:45.014698 ads.web.aol.com.www >
ool-182d9afe.dyn.optonline.net.36325: F 86:86(0) ack 760 win 16384
13:22:45.014951 ool-182d9afe.dyn.optonline.net.36325 >
ads.web.aol.com.www: F 760:760(0) ack 87 win 5840 (DF)
13:22:45.032924 ads.web.aol.com.www >
ool-182d9afe.dyn.optonline.net.36325: . ack 761 win 16384
the optonline.net machine is my firewall.
i cannot find anything connected to port 36325. suggestions?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
- Re: persistent www connection to aol adserver Debian User
- Re: persistent www connection to aol adserver Greg Folkert
- Re: persistent www connection to aol adserver Debian User
