Re: 72.14.207.104
From: Robert Glueck (rglk_at_web.de)
Date: 06/17/05
- Next message: SK: "Re: possible hack thoughts please"
- Previous message: John Gallet: "Re: possible hack thoughts please"
- In reply to: Newsbox: "Re: 72.14.207.104"
- Next in thread: Newsbox: "Re: 72.14.207.104"
- Reply: Newsbox: "Re: 72.14.207.104"
- Reply: Newsbox: "Re: 72.14.207.104"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 17 Jun 2005 15:15:01 -0400
> It appears that where I am, DNS for google.com resolves to 216.239.39.99,
> both from my ISP's DNS servers and from GOOGLE's (and consistently). So
> when my browser sends a get to 216.239.39.99, and the firewall sees an ACK
> from 72.14.207.104, perhaps the firewall is doing exactly what it is
> supposed to do by LOGging and DROPping that ACK packet. When I put
> "216.239.39.99" into the location bar everything works beautifully. But
> when I put in "google.com" it times out, and I get hits from 72.14.207.104.
>
> As an additional factor, I'm still receiving unsolicited traffic from
> 72.14.207.104 at random times even when I am not attempting to connect to
> google.
>
> I'll look into this some more, and very much appreciate your quick (<15
> minutes) and knowledgeable help. I think I'm beginning to feel better
> now. Thanks again.
I'd appreciate it if you'd look into this some more and tell us your
findings.
I also frequently get unsolicited traffic, i.e. connect attempts, from a
few locations that pass through my NAT router and then are dropped and
logged by my firewall (Firestarter running under Xandros). This can
happen a long time (e.g. 30 min or more) after I last connected to the
address in question with my browser (Firefox), if I connected to it at
all in that session. When I posted this puzzle in this newsgroup, I
received the following response from Rincewind:
"The above are responses from a web server (SPT=80). You sometimes get this
behaviour when the web server is so slow to respond that the connection is
timed out by your browsing machine, but the router still remembers the
connection and passes it through. I see this frequently with one of the
news servers I use."
And another person responded:
"Those appear to be http servers that are responding to a SYN request
from your machine. If you accessed these sites from a browser but then
closed the browser before the response came back you would get this sort
of thing happening.
...... A connect attempt would be a SYN packet. These appear to be
acknowlegments of SYN packets sent by your machine."
Perhaps you're dealing with something similar. I know rather little
about the TCP/IP protocol and don't really understand what is going on.
I was mostly concerned about the fact that inward-bound packets were
able to pass through my NAT router that ostensibly were not a response
to a connection that I had initiated.
Once you've figured this out, could you explain it in novice's terms?
Thanks.
Robert
- Next message: SK: "Re: possible hack thoughts please"
- Previous message: John Gallet: "Re: possible hack thoughts please"
- In reply to: Newsbox: "Re: 72.14.207.104"
- Next in thread: Newsbox: "Re: 72.14.207.104"
- Reply: Newsbox: "Re: 72.14.207.104"
- Reply: Newsbox: "Re: 72.14.207.104"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
