[Dshield] stange http replies maybe?

Ryan J Betz ryanb at maumeepattern.com
Fri Aug 31 11:45:21 GMT 2001


This morning I saw this in the firewall logs from last night:

Aug 30 16:30:04 gateway kernel: Packet log: output DENY eth0 PROTO=6
169.254.101.152:80 172.136.230.93:4287 L=40 S=0x00 I=64608 F=0x0000 T=126
(#33)
Aug 30 16:30:09 gateway kernel: Packet log: output DENY eth0 PROTO=6
169.254.101.152:80 172.136.230.93:4287 L=40 S=0x00 I=64654 F=0x0000 T=126
(#33)

169.254.101.152 is the DHCP autoconfiguation address for windows isn't it?
I don't run DHCP, everything has a static IP address.  The destination
address seems to be part of AOL.  I have a couple of users that use AOL here
(unfortunatly).  It's possible that this is something funky that AOL does,
and I just don't know about it.  Any Ideas?

Thanks,
Ryan J Betz




More information about the list mailing list