  1. #11
    Untangler
    Join Date
    Mar 2008
    Location
    The Netherlands
    Posts
    80

    Quote: Originally posted by bratsadtar
    Please note: This is not the full address that is used for the updates of the product.
    Correct, the actual location each client is looking for looks like this:

    Code:
    http://update.nai.com/products/commonupdater
    OR
    Code:
    ftp://ftp.nai.com/CommonUpdater
    Our Current Platform [INACTIVE Until further notice - finally in a new building!]
    ---------------------------------
    Intel Desktop Board type D865GVHZ + Intel P4 3.0Ghz HT, 2GB Dual-channel RAM, 40GB HDD, 3x3Com 309x 10/100 PCI, 3Mbit 4 to 1 Business Cable, roughly 500 users and 220 machines and growing.
    ---------------------------------
    Please make use of the Untangle Bugzilla to vote for and report issues/requests!!

  2. #12
    Untangler
    Join Date
    Sep 2008
    Posts
    30

    Quote: Originally posted by Xolo
    Correct, the actual location each client is looking for looks like this:

    Code:
    http://update.nai.com/products/commonupdater
    OR
    Code:
    ftp://ftp.nai.com/CommonUpdater
    Thanks for the full path... now the site is opening in the browser...

    Have you checked whether any of the file extensions (.upd, .gem, .z, .mcs, etc.) in this update folder are in the Blocked list?

  3. #13
    Untangler
    Join Date
    Mar 2008
    Location
    The Netherlands
    Posts
    80

    Quote: Originally posted by nishad
    Thanks for the full path... now the site is opening in the browser...

    Have you checked whether any of the file extensions (.upd, .gem, .z, .mcs, etc.) in this update folder are in the Blocked list?
    I have not changed the default set of file extensions to be scanned in Virus Blocker.
    It has now been two days, and it appears that the daily update received on 2008-12-17 for Virus Blocker has resolved the issue.
    Virus Blocker currently shows as "Virus Blocker signatures were last updated: 2008-12-18 8:28:29 am", and also does not contain the issue.

    Write it down to a bad ClamAV database update?

  4. #14
    Untangler
    Join Date
    Sep 2008
    Posts
    30

    I think what you got in the report is real phishing stuff; my findings are... I was trying to approach this issue in a different way... I might be wrong.

    When I ping update.nai.com, the resolving IP is in the 84.53.182.* range:
    C:\Documents and Settings\####>ping update.nai.com

    Pinging a2047.x.akamai.net [84.53.182.201] with 32 bytes of data:

    [Reply from 84.53.182.201: bytes=32 time=215ms TTL=53]


    But nslookup shows the result for server IP 213.155.157.2/16, claiming it is a yahoo.com IP.
    ---------------------------------------------
    "nslookup" result for IP 213.155.157.2

    C:\Documents and Settings\####>nslookup 213.155.157.2
    Server: dns.***.com
    Address: *.*.*.*

    Name: UNKNOWN-213-155-157-2.yahoo.com
    Address: 213.155.157.2
    ****************************************

    Does anything here help you...?

  5. #15
    Untangle Ninja juank's Avatar
    Join Date
    Aug 2007
    Location
    Athens
    Posts
    1,474

    That's pretty scary... I think the DNS server you use is compromised...

    nslookup update.nai.com
    Server: my dnsserver
    Address: x.x.x.x

    Non-authoritative answer:
    Name: a2047.x.akamai.net
    Addresses: 143.215.203.17, 143.215.203.23, 143.215.203.32, 143.215.203.33
    143.215.203.39, 143.215.203.14, 143.215.203.16
    Aliases: update.nai.com, update.nai.com.edgesuite.net
    --------------------------------
    Juan Machado
    --------------------------------

  6. #16
    Untangle Ninja hescominsoon's Avatar
    Join Date
    Sep 2007
    Posts
    1,708

    No, Akamai is a CDN. It's trivial to do a DNS redirect to a CDN and that is all you are seeing... something purposefully done.

  7. #17
    Untangler
    Join Date
    Mar 2008
    Location
    The Netherlands
    Posts
    80

    I'm beginning to suspect this automatic upgrade to Untangle 6.0.1 wasn't so good after all.
    The reports for yesterday are either missing or damaged, and I can't view most of the modules...

    As for the Akamai addresses, hescominsoon is right. Depending on my location and the moment of looking up the address, a different IP/Nameserver responds.
    I am getting odd results when using my ISP's DNS versus OpenDNS. I'll report back la
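
The comparison discussed in posts #15 to #17, as an added example that is not part of the original thread: it parses Windows nslookup output and compares the canonical name and alias chain rather than the addresses, because CDN edge addresses vary by resolver and location. ANSWER_A is the answer section quoted in post #15; ANSWER_B and ANSWER_C are constructed, and the function names and result labels are assumptions made for this example.

```python
import re

# Answer section quoted in post #15 (resolver lines left out).
ANSWER_A = """Non-authoritative answer:
Name: a2047.x.akamai.net
Addresses: 143.215.203.17, 143.215.203.23, 143.215.203.32, 143.215.203.33
143.215.203.39, 143.215.203.14, 143.215.203.16
Aliases: update.nai.com, update.nai.com.edgesuite.net
"""
# Constructed: same chain, with the address seen in the ping from post #14.
ANSWER_B = """Non-authoritative answer:
Name: a2047.x.akamai.net
Address: 84.53.182.201
Aliases: update.nai.com, update.nai.com.edgesuite.net
"""
# Constructed: a resolver handing back an unrelated name (placeholder values).
ANSWER_C = """Non-authoritative answer:
Name: host.example.net
Address: 192.0.2.10
Aliases: update.nai.com
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_nslookup(text):
    """Return (canonical_name, aliases, addresses) from the answer section."""
    answer = text.split("Non-authoritative answer:", 1)[-1]
    name = re.search(r"^\s*Name:\s*(\S+)", answer, re.M)
    alias_line = re.search(r"^\s*Aliases:\s*(.+)$", answer, re.M)
    names = alias_line.group(1).split(",") if alias_line else []
    aliases = frozenset(n.strip().lower() for n in names)
    # Addresses can wrap onto continuation lines: scan all but the alias line.
    body = re.sub(r"^\s*Aliases:.*$", "", answer, flags=re.M)
    canonical = name.group(1).lower() if name else None
    return canonical, aliases, frozenset(IPV4.findall(body))

def compare(a, b):
    """Classify two resolver answers for the same queried hostname."""
    name_a, aliases_a, ips_a = parse_nslookup(a)
    name_b, aliases_b, ips_b = parse_nslookup(b)
    if (name_a, aliases_a) != (name_b, aliases_b):
        return "different-chain"  # a prompt to look closer at that resolver, not proof
    if ips_a != ips_b:
        return "same-chain-different-addresses"  # what a CDN normally produces
    return "identical"

if __name__ == "__main__":
    print(compare(ANSWER_A, ANSWER_B))
    print(compare(ANSWER_A, ANSWER_C))
```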
