[ale] Totally OT

Joe Steele joe at madewell.com
Thu Oct 28 11:31:39 EDT 1999


I replicated the phenomenon.  I'm sorry to say that the truth makes far less interesting reading than everyone's conjectures :-(

Among IE's list of recently typed URLs was the following URL:

ftp://ftp.efficient.com/pub/support/5000/5250/5250ins.pdf

When the dropdown box was opened, tcpdump (see tcpdump below) showed that IE looked up ftp.efficient.com, and then proceeded to establish an ftp connection (see ftp commands below) wherein IE changes directories into /pub/support/5000/5250/.

A logical approach would have been for IE to wait and see if the user actually clicks on the URL before taking any action, but logic is apparently not the MS way.

--Joe

tcpdump:

10:31:08.750940 joe.local.2021 > lan2.local.domain: 1+ A? ftp.efficient.com. (35)
10:31:08.750940 lan2.local.domain > joe.local.2021: 1 2/4/4 CNAME webserv.efficient.com., A webserv.efficient.com (227)
10:31:08.920923 webserv.efficient.com.ftp > joe.local.2022: S 241651:241651(0) ack 92538493 win 8760 <mss 1460> (DF)
10:31:08.920923 user-37ka0pg.dialup.mindspring.com.61687 > webserv.efficient.com.ftp: . ack 241652 win 8760 (DF)
10:31:09.070908 webserv.efficient.com.ftp > joe.local.2022: P 1:51(50) ack 1 win 8760 (DF)
10:31:09.070908 user-37ka0pg.dialup.mindspring.com.61687 > webserv.efficient.com.ftp: P 0:16(16) ack 51 win 8710 (DF)
10:31:09.300885 webserv.efficient.com.ftp > joe.local.2022: P 51:123(72) ack 17 win 8744 (DF)
10:31:09.300885 user-37ka0pg.dialup.mindspring.com.61687 > webserv.efficient.com.ftp: P 16:32(16) ack 123 win 8638 (DF)
10:31:09.520863 webserv.efficient.com.ftp > joe.local.2022: P 123:177(54) ack 33 win 8728 (DF)
10:31:09.660849 user-37ka0pg.dialup.mindspring.com.61687 > webserv.efficient.com.ftp: . ack 177 win 8584 (DF)
10:31:09.890827 webserv.efficient.com.ftp > joe.local.2022: P 177:399(222) ack 33 win 8728 (DF)
10:31:09.920824 user-37ka0pg.dialup.mindspring.com.61687 > webserv.efficient.com.ftp: P 32:38(6) ack 399 win 8362 (DF)
10:31:10.080808 webserv.efficient.com.ftp > joe.local.2022: P RL which you have
visited recently, but don't click on any URL, there is some data transferred
over the net.

Now, I'm not paranoid or anything, but just what info gets sent out, and who
do you suppose gets that info? Hmmm? Bet someone on this list knows.

Regards,
Irv






More information about the Ale mailing list