Subject: Re: Unauthorized outgoing connect caught by ZA
From: Joe (joeBLARG.NET)
Date: Mon Oct 16 2000 - 08:51:33 CDT


On Sun, 15 Oct 2000, j nickson wrote:

> Case History: Unauthorized request from workstation to connect to Akamai.
>
> I saw some unusual activity so I stopped *all* net programs and put Zone
> Alarm (2.1.25) into LOCK.
>
> A few *minutes* later I was rewarded with:
>
> --------------------------
> The firewall has blocked Internet access to a388.g.akamai.net
> (63.160.183.233) (HTTP) from your computer.

And it's totally harmless and blocking Akamai.net is definitely not the
solution. Next time, do a 'netstat -a' and see if your previous HTTP
connections are fully closed before hitting the panic button.

The reason no application was associated with the access is because it was
probably a normal TCP keepalive packet (or a FIN-ACK packet, or any one of a
number of other possible NORMAL TCP packets that occur long after the
initial connection is closed out).

And Akamai does not make client-side applications. They have a massive,
extremely high-speed distributed caching network where "really big sites"
(Like Yahoo.com) stick their content so that when you type in
'www.yahoo.com' you end up at one of Akamai's cache servers instead.

> I have explicitly added akamai to reject host lists in various filters and
> suggest others do likewise,

Please don't make suggestions like this until you understand how TCP-based
connections on the internet actually work.

--
Joe                                     Technical Support
General Support:  supportblarg.net     Blarg! Online Services, Inc.
Voice:  425/401-9821 or 888/66-BLARG    http://www.blarg.net
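
Added example, not part of the original message: a Python helper for the `netstat -a` check suggested above, listing sockets to the alerted address that are still in teardown (FIN/ACK traffic possible) or still established (keepalives possible). The netstat sample is constructed; only the address 63.160.183.233 comes from the quoted alert, and the function names are hypothetical.

```python
# Constructed sample of `netstat -an` output (Windows layout); only the
# remote address 63.160.183.233 comes from the alert quoted in the post.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      63.160.183.233:80      TIME_WAIT
  TCP    192.168.1.10:1043      63.160.183.233:80      FIN_WAIT_2
  TCP    192.168.1.10:1044      63.160.183.233:80      ESTABLISHED
  TCP    192.168.1.10:1050      198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Teardown has started, but the socket still exists and the TCP stack may
# still send FIN/ACK segments. Underscores are removed before comparing so
# both FIN_WAIT_2 (Windows) and FIN_WAIT2 (Linux) spellings match.
TEARDOWN = {"FINWAIT1", "FINWAIT2", "CLOSEWAIT", "CLOSING", "LASTACK", "TIMEWAIT"}


def parse_tcp_rows(text):
    """Yield (local, remote_ip, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        # Address pair and state are the last three columns in both layouts.
        local, remote, state = fields[-3:]
        ip, _, port = remote.rpartition(":")
        yield local, ip, port, state.upper()


def leftover_sockets(text, alert_ip):
    """Split sockets to alert_ip into (teardown, established) lists."""
    teardown, established = [], []
    for local, ip, port, state in parse_tcp_rows(text):
        if ip != alert_ip:
            continue
        key = state.replace("_", "")
        if key in TEARDOWN:
            teardown.append((local, port, state))
        elif key == "ESTABLISHED":
            established.append((local, port, state))
    return teardown, established


if __name__ == "__main__":
    closing, idle = leftover_sockets(SAMPLE_NETSTAT, "63.160.183.233")
    for local, port, state in closing:
        print(f"{local} -> port {port}: {state} (FIN/ACK traffic still possible)")
    for local, port, state in idle:
        print(f"{local} -> port {port}: {state} (keepalives still possible)")
```

An empty result for the alerted address means no leftover socket explains the packet, and the alert deserves a closer look.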