Posted by Dubious Dude on December 9, 2006, 3:15 am
When I booted up, Kerio warns me that "Generic Host Process for Win32
Services" from my computer wants to connect to 198.18.1.1:80. The
application is c:\winnt\system32\svchost.exe. According to
DNSstuff.com, this is Internet Assigned Numbers Authority (IANA) in
Marina del Rey, CA. If I use my browser to visit
http://198.18.1.1:80, the page says "Directory Listing Denied. This
Virtual Directory does not allow contents to be listed." What are
some reasons why this access is attempted?
Posted by Sebastian Gottschalk on December 9, 2006, 10:49 am
Dubious Dude wrote:
> When I booted up, Kerio warns me that "Generic Host Process for Win32
> Services" from my computer wants to connect to 198.18.1.1:80. The
> application is c:\winnt\system32\svchost.exe. According to
> DNSstuff.com, this is Internet Assigned Numbers Authority (IANA) in
> Marina del Rey, CA. If I use my browser to visit
> http://198.18.1.1:80, the page says "Directory Listing Denied. This
> Virtual Directory does not allow contents to be listed." What are
> some reasons why this access is attempted?
1. Is there actually an access attempted? You know, Kerio is a program to
create random messages about most likely non-existent network traffic, as
well as fucking up the network.
2. If it's actually for real, you shouldn't ask, but rather check out what
services are related to that Svchost instance. Most likely it's the
Intelligent Background Transfer service.
3. This could be malicious, or this could just be Windows Update accessing
one of the many hosts of the Akamai network, which does load balancing for
Microsoft.
At any rate, it seems like you're trying to run a host-based packet filter
without even knowing a jack-shit about networking or your host operating
system.
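
Added example (not part of the original thread): one way to do the check suggested in point 2 of the post above, joining `netstat -ano` output to `tasklist /svc` output to list the services hosted in the svchost.exe instance that owns the connection. The sample output, PIDs and local addresses are constructed, and the function names are hypothetical; the code also flags that 198.18.1.1 lies in 198.18.0.0/15, the block reserved for benchmarking (RFC 2544), which is why a whois lookup names IANA.

```python
import ipaddress

# Constructed sample output (not from the thread), laid out like
# `netstat -ano` and `tasklist /svc`.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      198.18.1.1:80          SYN_SENT        1084
  TCP    192.168.1.10:1046      192.0.2.25:443         ESTABLISHED     2212
  UDP    0.0.0.0:500            *:*                                    712
"""
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  932 RpcSs
svchost.exe                 1084 AudioSrv, BITS, CryptSvc, Dhcp,
                                 wuauserv
firefox.exe                 2212 N/A
"""
BENCHMARK_NET = ipaddress.ip_network("198.18.0.0/15")  # RFC 2544 test range

def pids_talking_to(netstat_text, remote):
    """Return {pid: state} for TCP rows whose foreign address equals `remote`."""
    hits = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[2] == remote and f[4].isdigit():
            hits[int(f[4])] = f[3]
    return hits

def services_by_pid(tasklist_text):
    """Map PID -> (image, [services]); joins wrapped continuation lines."""
    table, last = {}, None
    for line in tasklist_text.splitlines():
        f = line.split(None, 2)
        if line[:1].isspace() and last is not None:  # wrapped service list
            table[last][1].extend(s.strip() for s in line.split(",") if s.strip())
        elif len(f) == 3 and f[1].isdigit():  # image names with spaces are skipped
            last = int(f[1])
            table[last] = (f[0], [s.strip() for s in f[2].split(",") if s.strip()])
    return table

def explain(remote):
    """List (pid, state, image, services, in_benchmark_range) for `remote`."""
    host = ipaddress.ip_address(remote.rsplit(":", 1)[0])
    procs = services_by_pid(TASKLIST)
    return [(pid, state, *procs.get(pid, ("?", [])), host in BENCHMARK_NET)
            for pid, state in pids_talking_to(NETSTAT, remote).items()]
```

On a live host, replace the two constants with the captured output of the two commands; a shared svchost.exe still has to be narrowed down to one service from that list.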
Posted by MC on December 9, 2006, 12:58 pm
Sebastian Gottschalk wrote:
> At any rate, it seems like you're trying to run a host-based packet filter
> without even knowing a jack-shit about networking or your host operating
> system.
Well at least he had some sense to run it, unlike what you would advise
to not run anything (see other thread), so he noticed this and can
investigate the potentially malicious access ;-)
Posted by Sebastian Gottschalk on December 9, 2006, 2:14 pm
MC wrote:
> Sebastian Gottschalk wrote:
>> At any rate, it seems like you're trying to run a host-based packet filter
>> without even knowing a jack-shit about networking or your host operating
>> system.
> Well at least he had some sense to run it,
Bullshit. Without the necessary knowledge, you can't achieve any security
at all. Usually things will be much worse, especially since Kerio is a
totally broken shitty piece of software.
> unlike what you would advise to not run anything (see other thread),
"unlike"? You seem to be implying that something would be wrong with not
running bullshit software.
> so he noticed this
One doesn't need any packet filter to do so.
> and can investigate the potentially malicious access ;-)
There's nothing to investigate.
Posted by MC on December 10, 2006, 8:02 am
Sebastian Gottschalk wrote:
>> unlike what you would advise to not run anything (see other thread),
>
> "unlike"? You seem to be implying that something would be wrong with not
> running bullshit software.
Yes... unlike.. you stated very clearly that you advise people to not
run anything at all, which is still a bad idea.
>> so he noticed this
> One doesn't need any packet filter to do so.
Not running anything surely doesn't have anyone notice ANY access that
might be unwanted. But since you prefer to have every end user system
completely exposed to the Internet, contrary to the advice from just about
anyone in the business of providing Internet Services, I guess I'm
talking to a wall here ;-)
>> and can investigate the potentially malicious access ;-)
> There's nothing to investigate.
I don't know about Kerio, I discarded it myself since it took too much
cpu for nothing, but I doubt a piece of software makes up random access
warnings, especially if they intend to remain in business for a while.
BTW: I don't think the IANA is running hosts for Akamai