David Demland wrote:

>Craig,
>
>I do not think it is CA software because I have not seen it on my network
>and I use CA software. When I do a lookup on the IP 213.254.229.147 I get
>the following information:
>
>OrgName: RIPE Network Coordination Centre
>OrgID: RIPE
>Address: P.O. Box 10096
>City: Amsterdam
>StateProv:
>PostalCode: 1001EB
>Country: NL
>
>This also supports my idea that it is not CA since the IP is in Amsterdam.
>When I try to connect an HTTPS connection to the same IP I got a message with
>an SSL certificate from a248.e.akamai.net. The lookup for akamai.net shows:
>
> Akamai Technologies, Inc.
> 8 Cambridge Center
> Cambridge, MA 02142
> US
>
>When I connected to akamai.net I get a coming soon page. So I tried to
>connect to akamai.net through an HTTPS connection. This time I get a
>certificate from plesk of SWsoft, Inc. in Virginia.
>
>I am not sure what all this means, but it just feels funny to me. Maybe someone
>else could shed some more light.
>
>David
>

Akamai is a huge web caching service. A lot of banner ads and other content get cached on their service.

JD

>-----Original Message-----
>From: plug-discuss-bounces@lists.plug.phoenix.az.us
>[mailto:plug-discuss-bounces@lists.plug.phoenix.az.us]On Behalf Of Craig
>White
>Sent: Thursday, September 22, 2005 8:34 PM
>To: plug-discuss@lists.plug.phoenix.az.us
>Subject: speaking about Linux firewalls
>
>
>A network where I have one.
>
>Just set up a new Win2K3 server (don't lecture, I have as much religion
>as the next guy). It's been up for 3 weeks or so and before we went
>live, it punked out (seems to be a memory problem - ahem - Dell)...
>
>Anyway, I happened to run netstat on the sucker and what do I see but a
>connection that makes no sense at all since it is not exposed to the
>internet in any fashion.
>
>TCP MY_HOSTNAME:3289 213.254.229.147:http ESTABLISHED
>
>I can ping that IP address and it's really bothering me. I am going to
>block it at the firewall but I can't get a handle on it.
>
>fingerprinting...
>
># nmap -O 213.254.229.147
>
>Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-09-22 19:53
>MST
>Interesting ports on 213.254.229.147:
>(The 1655 ports scanned but not shown below are in state: closed)
>PORT STATE SERVICE
>22/tcp open ssh
>80/tcp open http
>443/tcp open https
>500/tcp open isakmp
>Device type: general purpose
>Running: Linux 2.4.X
>OS details: Linux 2.4.20 (Itanium)
>Uptime 24.386 days (since Mon Aug 29 10:37:26 2005)
>
>Nmap run completed -- 1 IP address (1 host up) scanned in 16.391 seconds
>
>Anybody have any ideas what is going on?
>
>Obviously I put new rules into Linux firewall and rebooted both systems
>but blocking that one IP address isn't likely to stop whatever it was
>that was connected - it may be something like Computer Associates
>BrightStor/ArcServe doing a phone home thing but it really bothered me.
>
>Craig
>
>---------------------------------------------------
>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>To subscribe, unsubscribe, or to change your mail settings:
>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
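
An added example, not part of the thread: blocking one IP does not show what opened the connection, so this sketch parses `netstat -ano` output and groups ESTABLISHED connections to publicly routable addresses by owning PID. The sample output, its local addresses and PIDs, and the function name `external_established` are constructed for illustration; only the remote address comes from the messages above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output from a Windows server.
# Local addresses and PIDs are made up; -n prints numeric addresses and
# ports (the thread's output shows the service name "http" instead).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    192.168.1.10:445       192.168.1.23:1042      ESTABLISHED     4
  TCP    192.168.1.10:3289      213.254.229.147:80     ESTABLISHED     1712
  TCP    192.168.1.10:3290      213.254.229.147:80     TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    548
"""

def external_established(netstat_text):
    """Return {pid: [(remote_ip, remote_port), ...]} for ESTABLISHED TCP
    connections whose remote address is publicly routable."""
    hits = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns: proto, local, remote, state, pid.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, _, port = fields[2].rpartition(":")
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue  # a name, not an address: rerun netstat with -n
        if addr.is_global:  # skips RFC 1918, loopback and link-local peers
            hits[int(fields[4])].append((str(addr), int(port)))
    return dict(hits)

if __name__ == "__main__":
    for pid, peers in external_established(SAMPLE).items():
        # tasklist maps the PID to an image name on the Windows host.
        print(f'PID {pid}: {peers} -> tasklist /FI "PID eq {pid}"')
```
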