I have a Customer that is getting some odd traffic from
AOL (not that odd traffic out of AOL is unusual...)
The alarm messages look like the example below.
Note that the ports on the GNAT Box end cycle
10776, 10761, 10762, 10819, and then repeat. This cycle happens
over and over again, so I don't think that this is a simple case
of a late reply from a server.
My list shows port 6003 as an X-Windows port, but I have a hard
time believing that AOL is running either an X-Windows server or
client that would be trying to communicate with hosts that are
not within AOL.
Has anyone seen something like this before?
----------------------------------------------------------------------------
-
ALARM NO: 1
DATE: Monday, Jun 26, 2000
TIME: 12:55:30
INTERFACE: EXT (fxp0)
ALARM TYPE: Block
IP PACKET: TCP [205.188.161.9/6003]-->[A.B.C.D/10776] l=0 f=0x11
[web48.aolmail.aol.com/6003]-->[A.B.C.D/10776]
DETAILED DESCRIPTION:
IP packet was rejected.
----------------------------------------------------------------------------
-
ALARM NO: 2
DATE: Monday, Jun 26, 2000
TIME: 12:55:30
INTERFACE: EXT (fxp0)
ALARM TYPE: Block
IP PACKET: TCP [205.188.161.9/6003]-->[A.B.C.D/10761] l=0 f=0x11
[web48.aolmail.aol.com/6003]-->[A.B.C.D/10761]
DETAILED DESCRIPTION:
IP packet was rejected.
----------------------------------------------------------------------------
-
ALARM NO: 3
DATE: Monday, Jun 26, 2000
TIME: 12:55:30
INTERFACE: EXT (fxp0)
ALARM TYPE: Block
IP PACKET: TCP [205.188.161.9/6003]-->[A.B.C.D/10762] l=0 f=0x11
[web48.aolmail.aol.com/6003]-->[A.B.C.D/10762]
DETAILED DESCRIPTION:
IP packet was rejected.
----------------------------------------------------------------------------
-
ALARM NO: 4
DATE: Monday, Jun 26, 2000
TIME: 12:55:31
INTERFACE: EXT (fxp0)
ALARM TYPE: Block
IP PACKET: TCP [205.188.161.9/6003]-->[A.B.C.D/10819] l=0 f=0x11
[web48.aolmail.aol.com/6003]-->[A.B.C.D/10819]
DETAILED DESCRIPTION:
IP packet was rejected.
----------------------------------------------------------------------------
-
ALARM NO: 5
DATE: Monday, Jun 26, 2000
TIME: 12:56:30
INTERFACE: EXT (fxp0)
ALARM TYPE: Block
IP PACKET: TCP [205.188.161.9/6003]-->[A.B.C.D/10776] l=0 f=0x11
[web48.aolmail.aol.com/6003]-->[A.B.C.D/10776]
DETAILED DESCRIPTION:
IP packet was rejected.
----------------------------------------------------------------------------
-
ALARM NO: 6
DATE: Monday, Jun 26, 2000
TIME: 12:56:30
INTERFACE: EXT (fxp0)
ALARM TYPE: Block
IP PACKET: TCP [205.188.161.9/6003]-->[A.B.C.D/10761] l=0 f=0x11
[web48.aolmail.aol.com/6003]-->[A.B.C.D/10761]
DETAILED DESCRIPTION:
IP packet was rejected.
----------------------------------------------------------------------------
-
ALARM NO: 7
DATE: Monday, Jun 26, 2000
TIME: 12:56:30
INTERFACE: EXT (fxp0)
ALARM TYPE: Block
IP PACKET: TCP [205.188.161.9/6003]-->[A.B.C.D/10762] l=0 f=0x11
[web48.aolmail.aol.com/6003]-->[A.B.C.D/10762]
DETAILED DESCRIPTION:
IP packet was rejected.
----------------------------------------------------------------------------
-
ALARM NO: 8
DATE: Monday, Jun 26, 2000
TIME: 12:56:31
INTERFACE: EXT (fxp0)
ALARM TYPE: Block
IP PACKET: TCP [205.188.161.9/6003]-->[A.B.C.D/10819] l=0 f=0x11
[web48.aolmail.aol.com/6003]-->[A.B.C.D/10819]
DETAILED DESCRIPTION:
IP packet was rejected.
