----- Original Message -----
From: "Derek Doucette" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 19, 2001 11:38 PM
Subject: Who am I attacking???
> Hey there I was just checking through my logs and came across this:
>
> Jun 18 21:56:00 keene snort[18571]:
IDS296/http-whisker-splicing-attack-space: 192.168.0.158:3004 ->
151.193.165.62:80
>
> now am I confused or is this coming to from my comp to someones web
server? Does anyone have any ideas??
>
Sorry for the multiple messages...
Strangely enough, the external ip address you are sending?? stuff to
translates to dpsl.travelocity.com.
It could be something as innocent as transmitting your travelocity cookie to
the web server, or it could be some covert scheme by travelocity to profile
you, similar to what NetZip and its descendents RealDownload or Netscape
Smart Download was doing recently (see http://grc.com/downloaders.htm for
info.)
Rich C.
"Just because you're paranoid doesn't mean you're not being watched."
--Origin unknown (by me anyway.)
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
