Snort mailing list archives
Sneaky traffic WAS: RE: openaanval calling home
From: "Travis Wixel" <traxely () hotmail com>
Date: Tue, 20 Apr 2004 01:20:36 +0000
This URL was in the code: http://update.aanval.com/updater/openaanval_verIt is just pulling down the latest version of openaanval and checking that against the file:
/aanval_site_dir/version/version.txtIf they do not match it displays the new available version and gives you a link to download.
My install v1.42 was set to poll every 30 minutes (from process.php in the /apps/ dir)
This is easily turned off within your conf.php file: $version_checking=1;I on the other hand chose to leave it on, as it is a nice feature as long as they don't abuse it. I do think they need to publish that they do this, just as some of us are very very security aware and would want to know everything which is going on.
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of BM HM Sent: Monday, April 19, 2004 5:50 PM To: snort-users () lists sourceforge net Subject: [Snort-users] openaanval calling home I was just watching some tcpdump traffic and noticed my snort box making an outbound connection to 217.160.255.191 Looking up the IP I found that it is the website for openaanval 'www.aanval.com'. It appears that exactly every 30 minutes, I mean EXACTLY it makes a short http connection to the aanval website. I looked through the php code and I think it is simply checking for version information, but I am not experienced enough to know for real. Is this something I should be concerned about? Could they be piggy-backing data maybe? What would they want to collect anyway? _________________________________________________________________Stop worrying about overloading your inbox - get MSN Hotmail Extra Storage! http://join.msn.com/?pgmarket=en-us&page=hotmail/es2&ST=1/go/onm00200362ave/direct/01/
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Sneaky traffic WAS: RE: openaanval calling home Travis Wixel (Apr 19)
- <Possible follow-ups>
- RE: Sneaky traffic WAS: RE: openaanval calling home Travis Wixel (Apr 19)