funsec mailing list archives

Re: mystery redirect

From: "Larry Seltzer" <larry () larryseltzer com>
Date: Fri, 22 Jan 2010 14:11:32 -0500

From the document: "OpsSec The Operations Security Department for AOL.

OpsSec can be reached by calling (703) 265-4040"

 

That could be useful for me

 

Larry Seltzer
Contributing Editor, PC Magazine

larry_seltzer () ziffdavis com 

http://blogs.pcmag.com/securitywatch/

 

From: Benjamin Brown [mailto:optikali () gmail com] 
Sent: Friday, January 22, 2010 2:08 PM
To: Larry Seltzer
Cc: funsec () linuxbox org
Subject: Re: [funsec] mystery redirect

 

So for what its worth I was able to scrounge up an internal training
manual for the system:
http://74.125.47.132/search?q=cache:J01z1LxmObMJ:la.gg/upl/SERA30ForWind
owsUserGuide.pdf

On Fri, Jan 22, 2010 at 1:59 PM, Larry Seltzer <larry () larryseltzer com>
wrote:

They're all on the same NOC? Some screwy routing error? (I don't really
know what that means, but it's a step up from "WTF?")

 

Larry Seltzer
Contributing Editor, PC Magazine

larry_seltzer () ziffdavis com 

http://blogs.pcmag.com/securitywatch/

 

From: Benjamin Brown [mailto:optikali () gmail com] 
Sent: Friday, January 22, 2010 1:55 PM


To: Larry Seltzer
Cc: funsec () linuxbox org
Subject: Re: [funsec] mystery redirect

 

So a number of other people have had the same issue on various other
sites (mostly forums) having them redirected to that AOL Remote Access
Web Portal over and over to have it go away after a day or so. Does not
seem to be browser specific and the users had varied ISPs. Looks like
this domain is run by the AOL NOC. You might be able to get some more
info out of them. Maybe a bugged AOL ad? But then again I don't think
there are ads inside the BoA accounts area =/

64.236.128.78

Record Type: IP Address

                
        
OrgName:    AOL Transit Data Network 

  

  
OrgID:      ATDN

  

  
Address:    22000 AOL Way

  

  
City:       Dulles

  

  
StateProv:  VA

  

  
PostalCode: 20166

  

  
Country:    US

  

  
  

  

  
  

  

  
  
 
NetRange:   64.236.0.0 - 64.236.255.255 

  

  
CIDR:       64.236.0.0/16 

  

  
NetName:    ATDN-ISP

  

  
NetHandle:  NET-64-236-0-0-1

  

  
Parent:     NET-64-0-0-0-0

  

  
NetType:    Direct Allocation

  

  
  

  

  
  
 
NameServer: DNS-01.ATDN.NET

  

  
NameServer: DNS-02.ATDN.NET

  

  
Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

  

  
RegDate:    2000-02-02

  

  
  

  

  
  
 
Updated:    2002-06-19

  

  
  

  

  
RTechHandle: AOL-NOC-ARIN

  

  
RTechName:   America Online, Inc. 

  

  
RTechPhone:  +1-703-265-4670

  

  
RTechEmail:  domains () aol net 

 

On Fri, Jan 22, 2010 at 1:35 PM, Larry Seltzer <larry () larryseltzer com>
wrote:

Nope. I'm on my own private wifi connected to Verzon FiOS

 

Larry Seltzer
Contributing Editor, PC Magazine

larry_seltzer () ziffdavis com 

http://blogs.pcmag.com/securitywatch/

 

From: Benjamin Brown [mailto:optikali () gmail com] 
Sent: Friday, January 22, 2010 1:33 PM
To: Larry Seltzer
Cc: funsec () linuxbox org
Subject: Re: [funsec] mystery redirect

 

So to use this service it looks like you need
https://remote.aol.com/clients.html 

All of the FAQ / Documentation stuff looks like it requires a corporate
partners.aol login

On Fri, Jan 22, 2010 at 1:10 PM, Benjamin Brown <optikali () gmail com>
wrote:

Are you using a public wireless connection?

On Wed, Jan 20, 2010 at 10:43 PM, Larry Seltzer <larry () larryseltzer com>
wrote:

        So I'm sitting here watching the tube with my Bank of America
account open in Chrome.

         

        Suddenly I see the browser redirect to
https://mtc.remote.aol.com/dana-na/auth/url_default/welcome.cgi. I have
attached a screen shot.

         

        WTF?

         

        Larry Seltzer
        Contributing Editor, PC Magazine

        larry_seltzer () ziffdavis com 

        http://blogs.pcmag.com/securitywatch/

         

         

        _______________________________________________
        Fun and Misc security discussion for OT posts.
        https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
        Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

mystery redirect Larry Seltzer (Jan 22)
- Re: mystery redirect Benjamin Brown (Jan 22)
  - Re: mystery redirect Benjamin Brown (Jan 22)
    - Re: mystery redirect Larry Seltzer (Jan 22)
    - Re: mystery redirect Benjamin Brown (Jan 22)
    - Re: mystery redirect Larry Seltzer (Jan 22)
    - Re: mystery redirect Benjamin Brown (Jan 22)
    - Re: mystery redirect Larry Seltzer (Jan 22)
    - Re: mystery redirect Benjamin Brown (Jan 22)
    - Re: mystery redirect steve pirk [egrep] (Jan 22)
    - Re: mystery redirect Larry Seltzer (Jan 22)
    - Re: mystery redirect Richard Golodner (Jan 22)
- <Possible follow-ups>
- Re: mystery redirect Larry Seltzer (Jan 22)