> It may be interesting to know that aol installs a special ``adapter''
> that is purported to behave similarly to a hardware nic.  In fact, on
> win9x, at least, it is next to the nic in network neighborhood
> properties and is near identically configured.

As mentioned in other replies, and strengthened by the above, it sure sounds
like AOL is setting up a virtual network (or tunnel) of some sort from the
client system to somewhere in AOL land.

One piece of behavior I've noticed on Windows systems with multiple network
interfaces is that broadcast packets (DHCP packets in my case) seem to be sent
out *ALL* interfaces, with the same source IP used on all packets.  I first
noticed this when I put an LRP system on the same upstream network as an NT
Proxy server...I kept getting martian packets with source IPs of the NT
Proxy server's internal network interface...the errant packets were DHCP
responses to clients, probably being sent out all currently connected
interfaces as a side effect of Windows' tendency to use broadcast packets for
basic connectivity, and not enough wire-level sniffers running in Redmond...

Anyway, I suspect this is what's happening with at least some of your
martians...most of them looked like they're headed for the all-ones
broadcast IP.  I don't know why the other martians are showing up...I'm not
that familiar with the MS networking stack, and how Windows systems handle
routing, forwarding, etc.

As mentioned elsewhere, apparently the AOL traffic is creating a tunnel
through your firewall for its traffic, which fundamentally represents a
'back door' to your internal net.  Anyone seen a recent security review of
the AOL client source code, to know if this is "safe" or not?

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
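
An added example, not part of the original message: a Python triage of Linux
kernel martian log lines that separates the all-ones-broadcast leakage
described above from the other martians. The log lines, addresses, interface
name and the internal range 192.168.1.0/24 are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Linux kernel martian log line: the first address is the packet's
# destination, the second its source, then the receiving interface.
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>\d+\.\d+\.\d+\.\d+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+), on dev (?P<dev>\S+)"
)
ALL_ONES = ipaddress.ip_address("255.255.255.255")

# Constructed sample log (addresses, MACs and device names are made up).
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: martian source 255.255.255.255 from 192.168.1.1, on dev eth0
Jan 10 12:00:01 fw kernel: ll header: ff:ff:ff:ff:ff:ff:00:a0:c9:11:22:33:08:00
Jan 10 12:00:07 fw kernel: martian source 255.255.255.255 from 192.168.1.1, on dev eth0
Jan 10 12:03:40 fw kernel: martian source 10.0.0.5 from 192.168.1.20, on dev eth0
Jan 10 12:04:02 fw kernel: eth0: link up
"""

def classify_martians(log_text, internal_nets):
    """Count martians per (source, device, kind).

    kind is 'broadcast-leak' when a source inside internal_nets sent to the
    all-ones broadcast address, 'internal-source' for any other packet from
    an internal-range source, and 'other' for everything else.
    """
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    counts = Counter()
    for line in log_text.splitlines():
        m = MARTIAN_RE.search(line)
        if not m:
            continue  # "ll header" lines and unrelated kernel messages
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        internal = any(src in n for n in nets)
        if internal and dst == ALL_ONES:
            kind = "broadcast-leak"
        elif internal:
            kind = "internal-source"
        else:
            kind = "other"
        counts[(str(src), m["dev"], kind)] += 1
    return counts

if __name__ == "__main__":
    result = classify_martians(SAMPLE_LOG, ["192.168.1.0/24"])
    for (src, dev, kind), n in result.items():
        print(f"{n:3d}  {kind:16s} src={src} dev={dev}")
```

Entries tagged 'internal-source' are the ones the broadcast explanation does
not cover and are worth a packet capture on the reporting interface.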

