On 04/17/2011 12:56 PM, Sam Sharpe wrote:
On 17 April 2011 20:33, Joe Zeff <joe@zeff.us> wrote:
On 04/17/2011 12:02 PM, JD wrote:
All 3 addresses belong to Google. Just do whois 1e100.net
Domain Name: 1e100.net
Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com
Yes, Google is the administrative and technical contact, but it looks like markmonitor.com is trying to hack your machine, not Google.
No, it's Google: http://www.webmasterworld.com/google/4050443.htm
1e100 is the scientific notation of 10^100 aka one Googol (http://en.wikipedia.org/wiki/Googol)
MarkMonitor is just the brand agency they are using to register the name and "protect their global brand".
As to what it's doing, I don't know - it sounds like it's sending traffic from port 995 to your machine because you are connecting to GMail. It's entirely possible that because gmail is composed of millions of different machines, those packets are coming back not from the machine you are directly connected to and hence aren't hitting your ESTABLISHED,RELATED rules. You'd need to plug a packet capture into something like Wireshark and look at the conversation to know what those packets are supposed to be.
Not savvy about Wireshark. Do you have some link or info as to how to trap packets from these IP addresses? Also, would I have to change my firewall in order for Wireshark to trap these packets?