On 04/17/2011 12:56 PM, Sam Sharpe wrote: > On 17 April 2011 20:33, Joe Zeff<joe@xxxxxxx> wrote: >> On 04/17/2011 12:02 PM, JD wrote: >>> All 3 addresses belong to google. >>> Just do whois 1e100.net >> Domain Name: 1e100.net >> >> Registrar Name: Markmonitor.com >> Registrar Whois: whois.markmonitor.com >> Registrar Homepage: http://www.markmonitor.com >> >> Yes, Google is the administrative and technical contact, but it looks >> like marakmonitor.com is trying to hack your machine, not Google. > No, it's Google: http://www.webmasterworld.com/google/4050443.htm > > 1e100 is the scientific notation of 10^100 aka one Googol > (http://en.wikipedia.org/wiki/Googol) > > MarkMonitor is just the brand agency they are using to register the > name and "protect their global brand". > > As to what it's doing, I don't know - it sounds like it's sending > traffic from port 995 to your machine because you are connecting to > GMail. It's entirely possible that because gmail is composed of > millions of different machines, those packets are coming back not from > the machine you are directly connected to and hence aren't hitting > your ESTABLISHED,RELATED rules. You'd need plug a packet capture into > something like Wireshark and look at the conversation to know what > those packets are supposed to be. > Not savvy about wireshak. Do you have some link or info as to how to trap packets from these IP addresses? Also, would I have to change my firewall in order for wireshark to trap these packets? -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
