dslreports logo
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4148
share rss forum feed

sideband6

join:2000-07-02
Redwood City, CA

Blocked Outgoing Packet to an Unknown Destination

I was watching my syslog when I saw a blocked outgoing packet to a google.com IP and then I saw this one twice, once as below and second from port 55318 instead of 56634.

Blocked outgoing TCP packet from 10.0.0.198:56634 to 74.125.19.104:80 as RST:ACK received but there is no active connection

I did a whois on the IP and I got AKAMAI TECHNOLOGIES INC, which I don't recognize. Is this anything to worry about given my router (Dlink DIR-655) is blocking it on my Vista PC?

Curt


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

4 edits
Akamai Technologies and Google are 99% of the InterWeb. In this case, you got Google.

webhost:/ # nslookup 74.125.19.104
Server:         192.168.10.2
Address:        192.168.10.2#53
 
Non-authoritative answer:
104.19.125.74.in-addr.arpa      name = cf-in-f104.google.com.
 
webhost:/ # whois 74.125.19.104
 
OrgName:    Google Inc.
OrgID:      GOGL
Address:    1600 Amphitheatre Parkway
City:       Mountain View
StateProv:  CA
PostalCode: 94043
Country:    US
 
NetRange:   74.125.0.0 - 74.125.255.255
CIDR:       74.125.0.0/16
NetName:    GOOGLE
NetHandle:  NET-74-125-0-0-1
Parent:     NET-74-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM
Comment:
RegDate:    2007-03-13
Updated:    2007-05-22
 
OrgTechHandle: ZG39-ARIN
OrgTechName:   Google Inc.
OrgTechPhone:  +1-650-318-0200
OrgTechEmail:  arin-contact@google.com
 
# ARIN WHOIS database, last updated 2008-05-22 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database
 




--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall.


Cabal
Premium
join:2007-01-21
Reviews:
·Suddenlink
reply to sideband6
said by sideband6:

I did a whois on the IP and I got AKAMAI TECHNOLOGIES INC, which I don't recognize.
Really?
--
Interested in open source engine management for your Subaru?


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

1 recommendation

reply to sideband6
said by sideband6:

...I did a whois on the IP and I got AKAMAI TECHNOLOGIES INC, which I don't recognize.....
»www.akamai.com/html/about/index. ··· dex.html

sideband6

join:2000-07-02
Redwood City, CA
reply to NetFixer
I must of copied the wrong one. This morning, I saw one going to America Online. It was:

D-Link Systems DIR-655 System Log: Blocked outgoing TCP packet from 10.0.0.197:63867 to 205.188.215.228:8000 as FIN:ACK received but there is no active connection.

That turns out to be an Internet radio station that I was listening to.

Here's the one to Akamai

Blocked outgoing TCP packet from 10.0.0.198:55005 to 63.147.82.91:80 as FIN:ACK received but there is no active connection

Other than a few to Google that's all I've seen since I put my router back in my circuit. I've been having line quality problems maybe they're just web pages I have up trying to update like www.nytimes.com


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

4 edits
As I previously mentioned, Akamai Technologies is actually a major integrated part of the internet, their distributed content servers are used by many if not most of the major internet sites (Microsoft for example uses Akamai quite extensively). It certainly sounds as if this is just a delayed response for a normal http request that has timed out or has otherwise been terminated.

Here is the basic information on that IP address, which appears to be an AkamaiGHost server running on a Qwest circuit:

webhost:/ # nslookup 63.147.82.91
Server:         192.168.10.2
Address:        192.168.10.2#53
 
Non-authoritative answer:
91.82.147.63.in-addr.arpa       name = 63-147-82-91.dia.static.qwest.net.
 
webhost:/ # whois 63.147.82.91
Qwest Communications Corporation QWEST-INET-8 (NET-63-144-0-0-1)
                                  63.144.0.0 - 63.151.255.255
AKAMAI TECHNOLOGIES INC Q0302-63-147-82-64 (NET-63-147-82-64-1)
                                  63.147.82.64 - 63.147.82.127
 
# ARIN WHOIS database, last updated 2008-05-23 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
 
webhost:/ # nmap -A -p80,443 63.147.82.91
 
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2008-05-24 16:32 CDT
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on 63-147-82-91.dia.static.qwest.net (63.147.82.91):
PORT    STATE SERVICE  VERSION
80/tcp  open  http     AkamaiGHost (Akamai's HTTP Acceleration/Mirror service)
443/tcp open  ssl/http AkamaiGHost (Akamai's HTTP Acceleration/Mirror service)
 
 

--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
Test your firewall.
Smell the flowers.