Re: mystery redirect

[Benjamin Brown <optikali () gmail com>]

Looks like they are on SERA4 now which seems to be: "SERA4 (*Secure
Enterprise Remote Access* *v4*), which runs on Juniper SSL VPN concentrators
with a RADIUS backend for authorization."

On Fri, Jan 22, 2010 at 2:11 PM, Larry Seltzer <larry () larryseltzer com>wrote:

>  From the document: “OpsSec The Operations Security Department for AOL.
> OpsSec can be reached by calling (703) 265-4040”
>
>
>
> That could be useful for me
>
>
>
> Larry Seltzer
> Contributing Editor, PC Magazine
>
> larry_seltzer () ziffdavis com
>
> http://blogs.pcmag.com/securitywatch/
>
>
>
> *From:* Benjamin Brown [mailto:optikali () gmail com]
> *Sent:* Friday, January 22, 2010 2:08 PM
>
> *To:* Larry Seltzer
> *Cc:* funsec () linuxbox org
> *Subject:* Re: [funsec] mystery redirect
>
>
>
> So for what its worth I was able to scrounge up an internal training manual
> for the system:
>
> http://74.125.47.132/search?q=cache:J01z1LxmObMJ:la.gg/upl/SERA30ForWindowsUserGuide.pdf
>
> On Fri, Jan 22, 2010 at 1:59 PM, Larry Seltzer <larry () larryseltzer com>
> wrote:
>
> They’re all on the same NOC? Some screwy routing error? (I don’t really
> know what that means, but it’s a step up from “WTF?”)
>
>
>
> Larry Seltzer
> Contributing Editor, PC Magazine
>
> larry_seltzer () ziffdavis com
>
> http://blogs.pcmag.com/securitywatch/
>
>
>
> *From:* Benjamin Brown [mailto:optikali () gmail com]
> *Sent:* Friday, January 22, 2010 1:55 PM
>
>
> *To:* Larry Seltzer
> *Cc:* funsec () linuxbox org
> *Subject:* Re: [funsec] mystery redirect
>
>
>
> So a number of other people have had the same issue on various other sites
> (mostly forums) having them redirected to that AOL Remote Access Web Portal
> over and over to have it go away after a day or so. Does not seem to be
> browser specific and the users had varied ISPs. Looks like this domain is
> run by the AOL NOC. You might be able to get some more info out of them.
> Maybe a bugged AOL ad? But then again I don't think there are ads inside the
> BoA accounts area =/
>
> *64.236.128.78*
>
> *Record Type:* IP Address
>
> OrgName:    AOL Transit Data Network
>
>
>
>   OrgID:      ATDN
>
>
>
>   Address:    22000 AOL Way
>
>
>
>   City:       Dulles
>
>
>
>   StateProv:  VA
>
>
>
>   PostalCode: 20166
>
>
>
>   Country:    US
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> NetRange:   64.236.0.0 - 64.236.255.255
>
>
>
>   CIDR:       64.236.0.0/16
>
>
>
>   NetName:    ATDN-ISP
>
>
>
>   NetHandle:  NET-64-236-0-0-1
>
>
>
>   Parent:     NET-64-0-0-0-0
>
>
>
>   NetType:    Direct Allocation
>
>
>
>
>
>
>
>
>
>
>
> NameServer: DNS-01.ATDN.NET
>
>
>
>   NameServer: DNS-02.ATDN.NET
>
>
>
>   Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
>
>
>
>   RegDate:    2000-02-02
>
>
>
>
>
>
>
>
>
>
>
> Updated:    2002-06-19
>
>
>
>
>
>
>
>   RTechHandle: AOL-NOC-ARIN
>
>
>
>   RTechName:   America Online, Inc.
>
>
>
>   RTechPhone:  +1-703-265-4670
>
>
>
>   RTechEmail:  domains () aol net
>
>
>
> On Fri, Jan 22, 2010 at 1:35 PM, Larry Seltzer <larry () larryseltzer com>
> wrote:
>
> Nope. I’m on my own private wifi connected to Verzon FiOS
>
>
>
> Larry Seltzer
> Contributing Editor, PC Magazine
>
> larry_seltzer () ziffdavis com
>
> http://blogs.pcmag.com/securitywatch/
>
>
>
> *From:* Benjamin Brown [mailto:optikali () gmail com]
> *Sent:* Friday, January 22, 2010 1:33 PM
> *To:* Larry Seltzer
> *Cc:* funsec () linuxbox org
> *Subject:* Re: [funsec] mystery redirect
>
>
>
> So to use this service it looks like you need
> https://remote.aol.com/clients.html
>
> All of the FAQ / Documentation stuff looks like it requires a corporate
> partners.aol login
>
> On Fri, Jan 22, 2010 at 1:10 PM, Benjamin Brown <optikali () gmail com>
> wrote:
>
> Are you using a public wireless connection?
>
> On Wed, Jan 20, 2010 at 10:43 PM, Larry Seltzer <larry () larryseltzer com>
> wrote:
>
>   So I’m sitting here watching the tube with my Bank of America account
> open in Chrome.
>
>
>
> Suddenly I see the browser redirect to
> https://mtc.remote.aol.com/dana-na/auth/url_default/welcome.cgi. I have
> attached a screen shot.
>
>
>
> WTF?
>
>
>
> Larry Seltzer
> Contributing Editor, PC Magazine
>
> larry_seltzer () ziffdavis com
>
> http://blogs.pcmag.com/securitywatch/
>
>
>
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.