speaking about Linux firewalls
JD Austin
jd at twingeckos.com
Thu Sep 22 21:32:48 MST 2005
David Demland wrote:
>Craig,
>
>I do not think it is CA software because I have not seen it on my network
>and I use CA software. When I do a lookup on the IP 213.254.229.147 I get
>the following information:
>
>OrgName: RIPE Network Coordination Centre
>OrgID: RIPE
>Address: P.O. Box 10096
>City: Amsterdam
>StateProv:
>PostalCode: 1001EB
>Country: NL
>
>This also supports my idea that it is not CA since the IP is in Amsterdam.
>When I try to connect a HTTPS connection to the same IP I got a message with
>a SSL certificate from a248.e.akamai.net. The look up for akamai.net show:
>
> Akamai Technologies, Inc.
> 8 Cambridge Center
> Cambridge, MA 02142
> US
>
>When I connected a to akamai.net I get a coming soon page. So I tried to
>connect to akamai.net through a HTTPS connection. This time I get s
>certificate from plesk of SWsoft, Inc. in Virginia.
>
>I am not sure what all this means, but it just feels funny to me. Maybe some
>else could shed some more light.
>
>David
>
>
>
Akamai is a huge web caching service.
A lot of banner ads and other content get cached on their service.
JD
>-----Original Message-----
>From: plug-discuss-bounces at lists.plug.phoenix.az.us
>[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us]On Behalf Of Craig
>White
>Sent: Thursday, September 22, 2005 8:34 PM
>To: plug-discuss at lists.plug.phoenix.az.us
>Subject: speaking about Linux firewalls
>
>
>A network where I have one.
>
>Just set up a new Win2K3 server (don't lecture, I have as much religion
>as the next guy). It's been up for 3 weeks or so and before we went
>live, it punked out (seems to be a memory problem - ahem - Dell)...
>
>Anyway, I happened to run netstat on the sucker and what do I see but a
>connection that makes no sense at all since it is not exposed to the
>internet in any fashion.
>
>TCP MY_HOSTNAME:3289 213.254.229.147:http ESTABLISHED
>
>I can ping that ip address and it's really bothering me. I am going to
>block it at the firewall but I can't get a handle on it.
>
>fingerprinting...
>
># nmap -O 213.254.229.147
>
>Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-09-22 19:53
>MST
>Interesting ports on 213.254.229.147:
>(The 1655 ports scanned but not shown below are in state: closed)
>PORT STATE SERVICE
>22/tcp open ssh
>80/tcp open http
>443/tcp open https
>500/tcp open isakmp
>Device type: general purpose
>Running: Linux 2.4.X
>OS details: Linux 2.4.20 (Itanium)
>Uptime 24.386 days (since Mon Aug 29 10:37:26 2005)
>
>Nmap run completed -- 1 IP address (1 host up) scanned in 16.391 seconds
>
>Anybody have any ideas what is going on?
>
>Obviously I put new rules into Linux firewall and rebooted both systems
>but blocking that one ip address isn't likely to stop whatever it was
>that was connected - it may be something like Computer Associates
>BrightStor/ArcServe doing a phone home thing but it really bothered me.
>
>Craig
>
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>---------------------------------------------------
>PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>To subscribe, unsubscribe, or to change you mail settings:
>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>---------------------------------------------------
>PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>To subscribe, unsubscribe, or to change you mail settings:
>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
More information about the PLUG-discuss
mailing list