Re: AOL Servers Probing ???
From: !:?) (No_at_Spam.Com)
Date: 08/01/05
- Next message: !:?): "Re: Ports 6346 and 1434 TCP and UDP"
- Previous message: Iska2000us: "Re: unable to connect to windows firewall ant-virus wont auto prot"
- In reply to: N. Miller: "Re: AOL Servers Probing ???"
- Next in thread: N. Miller: "Re: AOL Servers Probing ???"
- Reply: N. Miller: "Re: AOL Servers Probing ???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 31 Jul 2005 22:32:21 -0400
> As for the probes from name servers; that is highly unusual. They usually
> only respond to queries; but never initiate requests on their own part. You
> wouldn't have your firewall configured to do DNS lookups on IP addresses in
> probes, would you? I use Kerio Personal Firewall 2.1.5. This has a setting
> on a tab; the setting labeled: "Enable DNS Resolving". I have it unchecked.
> I don't need KPF attempting a DNS resolution on every IP address which
> probes my ports. It tends to create additional, and needless, traffic.
>
No, I don't allow my Firewall to do that; it's ATGuard (NIS Version 1.0).
I've seen them hit my Domain, NBName and NetBIOS but haven't seen it for
a while.
I think it was part of Windows Update though because I was Blocking it
during the time this was happening and haven't seen it since I started
allowing it.
I found the Proxy Server too and then later found it tied to an App I
later Allowed that is for Windows Update so they may be the same cause.
I found the Info on the Proxy but I'm only listing the NSLookup as the
who Trace is too long:
-- NSLOOKUP QUERY RESULTS --
Query type: PTR IP: 205.188.146.145
Server: ns1.genext.net
Address: 66.45.212.21
Non-authoritative answer:
145.146.188.205.in-addr.arpa name = nstot.proxy.aol.com
Authoritative answers can be found from:
146.188.205.in-addr.arpa nameserver = dns-02.ns.aol.com
146.188.205.in-addr.arpa nameserver = dns-01.ns.aol.com
Query type: ANY Name: nstot.proxy.aol.com
Server: ns1.genext.net
Address: 66.45.212.21
Non-authoritative answer:
nstot.proxy.aol.com internet address = 205.188.146.145
Authoritative answers can be found from:
proxy.aol.com nameserver = dns-01.ns.aol.com
proxy.aol.com nameserver = dns-02.ns.aol.com
proxy.aol.com nameserver = dns-06.ns.aol.com
proxy.aol.com nameserver = dns-07.ns.aol.com
And here's what I found on the Proxy when I Blocked it, and I'll only
list 2 as there are so many it would be overkill to list them all.
5/18/05 13:25:06 Rule ">> @ Inbound UDP Blocked @ <<" blocked
(compaq,1188). Details:
Inbound UDP packet
Local address,service is (compaq,1188)
Remote address,service is (205.188.146.145,domain)
Process name is "N/A"
5/19/05 13:54:15 Rule ">> @ Inbound UDP Blocked @ <<" blocked
(compaq,1655). Details:
Inbound UDP packet
Local address,service is (compaq,1655)
Remote address,service is (nstot.proxy.aol.com,domain)
Process name is "N/A"
And here are the ones I found that I Permitted that are Tied to
a Windows Update App, WULOADER.EXE.
I usually Block all access to the Localhost (localhost, 0.0.0.0 and
compaq) too that I removed recently when I started using a Host File.
5/18/05 21:28:26 Rule "WULOADER.EXE UDP domain" permitted
(0.0.0.0,1075). Details:
Inbound UDP packet
Local address,service is (0.0.0.0,1075)
Remote address,service is (nstot.proxy.aol.com,domain)
Process name is "C:\WINDOWS\SYSTEM\WULOADER.EXE"
5/18/05 21:28:26 Rule "WULOADER.EXE UDP domain" permitted
(nstot.proxy.aol.com,domain). Details:
Outbound UDP packet
Local address,service is (0.0.0.0,1075)
Remote address,service is (nstot.proxy.aol.com,domain)
Process name is "C:\WINDOWS\SYSTEM\WULOADER.EXE"
Strange thing is I had nothing going out before this
(Had WULOADER.EXE and other Update Apps Blocked In and Out.)
So why would they hit my Ports and it not tied to the Windows Update
Apps like WULOADER.EXE if all Outgoing was Blocked ???
Thanks for your help Norm.
If you hadn't had me go back and look I wouldn't have seen that.
Kevin
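
An added example (not part of the original post): three of the log entries quoted above, parsed in Python so that each inbound UDP packet from remote service "domain" is paired with an outbound packet logged from the same local port to the same remote host. The log layout is taken from the post; the function names are hypothetical, matching is on the literal host string (the log shows the same server both as an IP and as a name), and timestamps are ignored.

```python
import re

# Constructed sample: three entries copied from the post's firewall log.
SAMPLE_LOG = r'''5/18/05 13:25:06 Rule ">> @ Inbound UDP Blocked @ <<" blocked
(compaq,1188). Details:
Inbound UDP packet
Local address,service is (compaq,1188)
Remote address,service is (205.188.146.145,domain)
Process name is "N/A"
5/18/05 21:28:26 Rule "WULOADER.EXE UDP domain" permitted
(0.0.0.0,1075). Details:
Inbound UDP packet
Local address,service is (0.0.0.0,1075)
Remote address,service is (nstot.proxy.aol.com,domain)
Process name is "C:\WINDOWS\SYSTEM\WULOADER.EXE"
5/18/05 21:28:26 Rule "WULOADER.EXE UDP domain" permitted
(nstot.proxy.aol.com,domain). Details:
Outbound UDP packet
Local address,service is (0.0.0.0,1075)
Remote address,service is (nstot.proxy.aol.com,domain)
Process name is "C:\WINDOWS\SYSTEM\WULOADER.EXE"
'''

# One entry = rule line, "(host,port). Details:" line, then four detail lines.
ENTRY = re.compile(
    r'(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+) Rule "(?P<rule>.*?)" (?P<action>blocked|permitted)\s+'
    r'\(.*?\)\. Details:\s+'
    r'(?P<dir>Inbound|Outbound) (?P<proto>\w+) packet\s+'
    r'Local address,service is \((?P<lhost>[^,]+),(?P<lport>[^)]+)\)\s+'
    r'Remote address,service is \((?P<rhost>[^,]+),(?P<rport>[^)]+)\)\s+'
    r'Process name is "(?P<proc>[^"]*)"')

def parse(log):
    return [m.groupdict() for m in ENTRY.finditer(log)]

def unsolicited_dns(entries):
    """Inbound UDP from remote service 'domain' with no outbound packet logged
    from the same local port to the same remote host (assumption: literal match)."""
    asked = {(e["lport"], e["rhost"]) for e in entries if e["dir"] == "Outbound"}
    return [e for e in entries
            if e["dir"] == "Inbound" and e["proto"] == "UDP" and e["rport"] == "domain"
            and (e["lport"], e["rhost"]) not in asked]

if __name__ == "__main__":
    for e in unsolicited_dns(parse(SAMPLE_LOG)):
        print(e["ts"], e["action"], e["rhost"], "-> local port", e["lport"])
```

The check only sees packets the firewall rules chose to log, so an entry with no logged outbound match is a candidate for closer inspection rather than proof that nothing was sent.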