[Dshield] Blaster, or AOL strangeness... - SOLVED
bjorn at thechemistrylab.com
Wed Oct 8 17:26:58 GMT 2003
I just telnetted to port 4444 on
126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11,
18.104.22.168, & 22.214.171.124
also known as
ht-s11.websys.aol.com, ht-s12.websys.aol.com, ht-s13.websys.aol.com,
ht-s14.websys.aol.com, ht-s15.websys.aol.com, & ht-s16.websys.aol.com
They are serving up some nice web content:
as the default page.
and here's a bad request...
HTTP/1.0 400 Bad Request
Date: Wed, 08 Oct 2003 16:50:14 GMT
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
The HTTP request presented by your browser is invalid.
Invalid HTTP request
<P ALIGN=RIGHT><SMALL><I>AOLserver/3.4.2 on
It would be pretty safe to assume these are webservers running AOLServer.
It would appear they are image/ad servers for AOL.
I'm not sure if websites would reference these servers or if AOL's IM client
would or if their own AOL software would reference it... It could be that
someone is using AOL software over your network and your firewall is
blocking the access to the non-standard port usage. The whole thing appears
I wouldn't lose any sleep over it.
Google turned up this site which references these urls:
It's a webhosting service called "hometown" from AOL that references these 6
web servers putting out benign .js and .gif content on non-standard ports.
I hope that answers your questions...
> I have been in contact with someone via another list who works for AOL.
> There is nothing valid on
> port 4444 in the entire 205.188.134.xxx class C.
I would take information from someone who claims to represent AOL or even
actually works for AOL with a grain of salt.