Good Afternoon, I am seeing some strange traffic from www.eyeblaster-bs.com on both network and host based IDS. More specifically, I'm seeing TCP port 80 (http) traffic from multiple internal clients to http://www.eyeblaster-bs.com/BurstingPipe and http://www.eyeblastrer-bs.com/BurstingPipe.asp?param=% . So far, it looks like normal surfing....well...almost. The strange thing is that I have seen traffic that appears to be sourced from this server to clients (dest port 80) on the Internal Network (which should be relatively protected as they use Port Address Translation, not to mention that port 80 is not allowed to those client machines). I've seen this URL mentioned on several usage reports, but have not seen any explanations about what it is. Let me know what you think. Here are some of the other networks that have seen traffic TO this server: http://www.olc.edu/~bbump/usage/ns1/7th/url_200211.html http://network.ci.seekonk.ma.us/WebUsage/Library/url_200212.html http://www.bsafehome.com/historyreport.asp -Jeremy These are not the packets you're looking for...You can go about your business.....Move along.... :-) ---------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri May 30 2003 - 08:12:39 PDT