Solved

content.yieldmanager.edgesuite.net access denied at firewall

Posted on 2009-05-07
Last Modified: 2013-11-22
The user never gets a message from the firewall that access has been denied, and is not intentionally trying to access content.yieldmanager.net. We are using Symantec BE (current version), and system scans detect no problems. Have run Spybot Search, Malwarebytes, ComboFix. The category 6 indicates the site is blocked for adult content. A sample firewall log and DNS search of content.yieldmanager are listed below.
05/06/2009 15:26:44.783 - Web site access denied - xxxxxxxxxx, 1293, LAN - 206.51.68.144, 80, WAN, host.lightcore.net - Category:6 -  MAC address: 00:0f:1f:dc:47:54 -  content.yieldmanager.edgesuite.net/atoms/af/89/cd/71/af89cd718c19effb9767f9aac609af10.gif
 

This email was generated by: SonicOS Standard 3.9.0.1-7s (0017-C51B-7F78)
 
 
 

Generated by www.DNSstuff.com at 12:38:47 GMT on 07 May 2009.
 
 

How I am searching:
 

Searching for content.yieldmanager.edgesuite.net ALL record at a.root-servers.net [198.41.0.4]: Got referral to H.GTLD-SERVERS.net. (zone: net.) [took 36 ms] 

Searching for content.yieldmanager.edgesuite.net ALL record at H.GTLD-SERVERS.net. [192.54.112.30]: Got referral to usw6.akam.net. (zone: edgesuite.net.) [took 128 ms] 

Searching for content.yieldmanager.edgesuite.net ALL record at usw6.akam.net. [96.17.144.195]: Got CNAME of a1174.g.akamai.net. and referral to m.root-servers.net [took 50 ms] 

Searching for a1174.g.akamai.net ALL record at d.root-servers.net [128.8.10.90]: Got referral to D.GTLD-SERVERS.net. (zone: net.) [took 43 ms] 

Searching for a1174.g.akamai.net ALL record at D.GTLD-SERVERS.net. [192.31.80.30]: Got referral to ze.akamaitech.net. (zone: akamai.net.) [took 31 ms] 

Searching for a1174.g.akamai.net ALL record at ze.akamaitech.net. [64.211.42.193]: Got referral to n2g.akamai.net. (zone: g.akamai.net.) [took 18 ms] 

Searching for a1174.g.akamai.net ALL record at n2g.akamai.net. [8.14.192.124]: Reports a1174.g.akamai.net. [took 6 ms] Response: 

Domain Type Class TTL Answer 

a1174.g.akamai.net. A IN 20 204.0.5.17 

a1174.g.akamai.net. A IN 20 204.0.5.9 

NOTE: One or more CNAMEs were encountered. content.yieldmanager.edgesuite.net is really a1174.g.akamai.net. 

There is no need to refresh the page -- to see the DNS traversal, to make sure that all DNS servers are reporting the same results, you can Click Here. Note that these results are obtained in real-time, meaning that these are not cached results. These results are what DNS resolvers all over the world will see right now (unless they have cached information). Note about ANY/ALL lookups: The ANY/ALL record type is designed to show every DNS record for a hostname. We display all DNS records that are returned to us. There are two catches to ANY/ALL lookups, however. The first is that it only returns DNS records for the hostname that you enter, so if you enter 'example.com' you will see the A record for example.com and MX record for example.com, but you will not see the A record for www.example.com (this isn't possible without a zone transfer, which normally requires special permission). The other catch is that some DNS servers are unfortunately set up to 'lie', and not return all the DNS records for a hostname. This behavior is the same no matter what you use to do the DNS lookup.

Question by:Gregbrusven
2 Comments
 
LVL 3

Accepted Solution

by: rsquibb earned 500 total points
ID: 24334635
I have found that SonicWall CFS often blocks adverts thinking they are cat 6 (adult) even when they are not. The GIF file being blocked is actually advertising a free dinner! What is it you actually want to happen? SonicWall not to block that certain image, or it not to notify you?
 

Author Comment

by:Gregbrusven
ID: 24374255
Sorry for the delay in responding... the ad is being blocked and that is fine. Firewall events of this type just started happening recently, first on one user, then over the course of a couple of weeks 5 users are generating these types of alerts. Because they have not appeared previously I am concerned that we are infected with adware or malware of some sort, even though the scanning software I have run finds no real problems. I could make the alerts go away at the firewall level, but if there were a real issue with malware, that would simply be burying head in sand. I think I will run ERD on one of the PCs and see if anything is found using that method. Maybe this is just normal activity and no real problem exists. Thoughts???
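As an added example (not part of the original thread and not SonicWall tooling), this Python parses log lines in the format quoted in the question and reports, per blocked hostname, which client MACs triggered the block and when each was first seen, which is the spread-across-users question raised in the author's comment. The MM/DD/YYYY timestamp order, the function names and the sample lines are assumptions.

```python
import re
from datetime import datetime

LINE_RE = re.compile(  # field layout follows the log line quoted in the question
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) - "
    r"Web site access denied - "
    r"(?P<src>[^,]+), (?P<sport>\d+), (?P<szone>\w+) - "
    r"(?P<dst>[^,]+), (?P<dport>\d+), (?P<dzone>\w+)(?:, (?P<dname>\S+))? - "
    r"Category:(?P<cat>\d+) -\s+MAC address: (?P<mac>[0-9A-Fa-f:]{17}) -\s+"
    r"(?P<url>\S+)$"
)

def parse_line(line):
    """Parse one denied-access line (MM/DD/YYYY order is assumed); None if no match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %H:%M:%S.%f")
    rec["mac"] = rec["mac"].lower()
    rec["host"] = rec["url"].split("/", 1)[0].lower()
    return rec

def summarize(lines):
    """Per blocked host: hit count, categories, first-seen time per client MAC."""
    hosts, skipped = {}, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # other event types or malformed lines
            continue
        h = hosts.setdefault(rec["host"], {"hits": 0, "cats": set(), "clients": {}})
        h["hits"] += 1
        h["cats"].add(rec["cat"])
        seen = h["clients"].get(rec["mac"], rec["ts"])
        h["clients"][rec["mac"]] = min(seen, rec["ts"])
    return hosts, skipped

# Constructed sample lines: client IPs, MACs and URL paths are made up.
SAMPLE = [
    "05/06/2009 15:26:44.783 - Web site access denied - 10.0.0.21, 1293, LAN - 206.51.68.144, 80, WAN, host.lightcore.net - Category:6 -  MAC address: 00:00:5E:00:53:01 -  content.yieldmanager.edgesuite.net/atoms/a.gif",
    "04/22/2009 09:12:01.120 - Web site access denied - 10.0.0.21, 1201, LAN - 206.51.68.144, 80, WAN, host.lightcore.net - Category:6 -  MAC address: 00:00:5e:00:53:01 -  content.yieldmanager.edgesuite.net/atoms/b.gif",
    "05/04/2009 14:03:55.004 - Web site access denied - 10.0.0.34, 1422, LAN - 206.51.68.144, 80, WAN - Category:6 - MAC address: 00:00:5e:00:53:02 - content.yieldmanager.edgesuite.net/atoms/a.gif",
    "04/29/2009 08:00:00.000 - (constructed line of a different event type)",
]

if __name__ == "__main__":
    for host, h in summarize(SAMPLE)[0].items():
        firsts = sorted((ts.isoformat(), mac) for mac, ts in h["clients"].items())
        print(host, "hits:", h["hits"], "categories:", sorted(h["cats"]), firsts)
```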