Snort mailing list archives

Sneaky traffic WAS: RE: openaanval calling home


From: "Travis Wixel" <traxely () hotmail com>
Date: Tue, 20 Apr 2004 01:20:36 +0000


This URL was in the code:
http://update.aanval.com/updater/openaanval_ver

It is just pulling down the latest version of openaanval and checking that against the file:
/aanval_site_dir/version/version.txt

If they do not match, it displays the new available version and gives you a link to download.

My install v1.42 was set to poll every 30 minutes (from process.php in the /apps/ dir).

This is easily turned off within your conf.php file:
$version_checking=1;

I on the other hand chose to leave it on, as it is a nice feature as long as they don't abuse it. I do think they need to publish that they do this, just as some of us are very very security aware and would want to know everything which is going on.


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of BM HM
Sent: Monday, April 19, 2004 5:50 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] openaanval calling home

I was just watching some tcpdump traffic and noticed my snort box making an
outbound connection to 217.160.255.191

Looking up the IP, I found that it is the website for openaanval
'www.aanval.com'. It appears that exactly every 30 minutes, I mean EXACTLY,
it makes a short HTTP connection to the aanval website.

I looked through the php code and I think it is simply checking for version
information, but I am not experienced enough to know for real. Is this
something I should be concerned about?

Could they be piggy-backing data maybe? What would they want to collect
anyway?


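The observation in the quoted message, a connection to the same host at exact 30-minute intervals, can be checked mechanically against connection logs. The following is an added example, not part of either post or of openaanval: it flags destinations whose inter-connection gaps are nearly constant. The log format, timestamps, port numbers, the second destination, and the function names are constructed assumptions; only the address 217.160.255.191 comes from the thread.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample of outbound connections ("date time dest:port"), as might
# be reduced from tcpdump output. Only 217.160.255.191 is taken from the thread.
SAMPLE = """\
2004-04-19 14:00:02 217.160.255.191:80
2004-04-19 14:07:41 192.0.2.10:443
2004-04-19 14:30:02 217.160.255.191:80
2004-04-19 14:52:13 192.0.2.10:443
2004-04-19 15:00:03 217.160.255.191:80
2004-04-19 15:03:55 192.0.2.10:443
2004-04-19 15:30:02 217.160.255.191:80
2004-04-19 16:00:02 217.160.255.191:80
2004-04-19 16:41:09 192.0.2.10:443
"""

def parse(text):
    """Group connection timestamps by destination."""
    seen = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
        seen[parts[2]].append(ts)
    return seen

def find_periodic(text, min_events=4, max_jitter=5.0):
    """Return {dest: mean gap in seconds} for destinations whose gaps
    between connections have a standard deviation <= max_jitter seconds."""
    result = {}
    for dest, times in parse(text).items():
        times.sort()
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if statistics.pstdev(gaps) <= max_jitter:
            result[dest] = statistics.mean(gaps)
    return result

if __name__ == "__main__":
    for dest, period in find_periodic(SAMPLE).items():
        print(f"{dest}: every {period / 60:.1f} min")
```

A regular interval only shows that something is on a timer; what is sent in each connection still has to be confirmed from the code or a packet capture, as the reply above does.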
