persistent www connection to aol adserver

To: debian-user@lists.debian.org
Subject: persistent www connection to aol adserver
From: Debian User <debian-user@zerocrossings.com>
Date: Sat, 20 Dec 2003 13:37:33 -0500
Message-id: <[🔎] 3FE496ED.8030508@zerocrossings.com>

group,

i happened to be running tcpdup -i eth0 this a.m. just to see what isgoing on outside of my firewall. i noticed my firewall accessing anadserver in the aol.com domain. i cannot figure out what process iscausing this to continue. i used tcpdump and netstat to the fullest ofmy ability but i am not abole to figure out why this adserver is beingaccessed from my firewall. i tcpdump-ed eth1 to see it a machine behindthe firewall is responsible for this connection but there is no traffic(other than nfs and dhcp) while this is occuring. a snapshot of tcpdump-i eth0 is:

13:22:44.840202 ool-182d9afe.dyn.optonline.net.36324 >ads.web.aol.com.www: . ack 1 win 5840 (DF)13:22:44.840615 ool-182d9afe.dyn.optonline.net.36324 >ads.web.aol.com.www: P 1:626(625) ack 1 win 5840 (DF)13:22:44.870409 ads.web.aol.com.www >ool-182d9afe.dyn.optonline.net.36324: P 1:529(528) ack 626 win 1638413:22:44.870535 ool-182d9afe.dyn.optonline.net.36324 >ads.web.aol.com.www: . ack 529 win 6432 (DF)13:22:44.898214 ads.web.aol.com.www >ool-182d9afe.dyn.optonline.net.36324: F 529:529(0) ack 626 win 1638413:22:44.898465 ool-182d9afe.dyn.optonline.net.36324 >ads.web.aol.com.www: F 626:626(0) ack 530 win 6432 (DF)13:22:44.918583 ads.web.aol.com.www >ool-182d9afe.dyn.optonline.net.36324: . ack 627 win 1638413:22:44.939887 ool-182d9afe.dyn.optonline.net.36325 >ads.web.aol.com.www: S 649319853:649319853(0) win 5840 <mss1460,sackOK,timestamp 564576546 0,nop,wscale 0> (DF)13:22:44.959122 ads.web.aol.com.www >ool-182d9afe.dyn.optonline.net.36325: S 48373874:48373874(0) ack649319854 win 16384 <mss 1360>13:22:44.959256 ool-182d9afe.dyn.optonline.net.36325 >ads.web.aol.com.www: . ack 1 win 5840 (DF)13:22:44.959832 ool-182d9afe.dyn.optonline.net.36325 >ads.web.aol.com.www: P 1:760(759) ack 1 win 5840 (DF)13:22:44.984117 ads.web.aol.com.www >ool-182d9afe.dyn.optonline.net.36325: P 1:86(85) ack 760 win 1638413:22:44.984244 ool-182d9afe.dyn.optonline.net.36325 >ads.web.aol.com.www: . ack 86 win 5840 (DF)13:22:45.014698 ads.web.aol.com.www >ool-182d9afe.dyn.optonline.net.36325: F 86:86(0) ack 760 win 1638413:22:45.014951 ool-182d9afe.dyn.optonline.net.36325 >ads.web.aol.com.www: F 760:760(0) ack 87 win 5840 (DF)13:22:45.032924 ads.web.aol.com.www >ool-182d9afe.dyn.optonline.net.36325: . ack 761 win 16384



the optonline.net machine is my firewall.

i cannot find anything connected to port 36325. suggestions?

Reply to:

Follow-Ups:
- Re: persistent www connection to aol adserver
  - From: Greg Folkert <greg@gregfolkert.net>

Prev by Date: Restarting daemons
Next by Date: Re: can't get screen to work for XFree86 in Debian
Previous by thread: Re: Restarting daemons
Next by thread: Re: persistent www connection to aol adserver
Index(es):
- Date
- Thread