[wplug] Strange IP Traffic

Poyner, Brandon bpoyner at ccac.edu
Fri Aug 20 14:08:13 EDT 2004 

A google search on the IPs and a dig confirm that they belong to
ilovebees.net, the halo2 teaser site.
 
www.ilovebees.net.      1687    IN      A       69.25.27.170
www.ilovebees.net.      1687    IN      A       69.25.27.171
www.ilovebees.net.      1687    IN      A       69.25.27.172
www.ilovebees.net.      1687    IN      A       69.25.27.173
www.ilovebees.net.      1687    IN      A       66.150.161.133
www.ilovebees.net.      1687    IN      A       66.150.161.134
www.ilovebees.net.      1687    IN      A       66.150.161.135
www.ilovebees.net.      1687    IN      A       66.150.161.136


Brandon Poyner 
Network Engineer II 
CCAC - College Office 
412-237-3086 

	-----Original Message-----
	From: Ken [mailto:ken at ramblernet.com] 
	Sent: Friday, August 20, 2004 2:00 PM
	To: 'General user list'
	Subject: RE: [wplug] Strange IP Traffic
	
	
	I inadvertently listed the IP incorrectly, my apologies.
	It should have been 69.25.27.171 and I noticed 69.25.27.172 as
well.
	 
	The traffic is coming from services.exe on the windows box. If I
restrict it's ability to access the net, traffic stops.
	 
	I have also adjusted my WPLUG email address since it was
distracting to some. The account of wplug at ramblernet.com has been
replaced by ken at ramblernet.com. Messages sent to the previous will
bounce.
	 
	Thanks - Ken

		-----Original Message-----
		From: wplug-bounces+wplug=ramblernet.com at wplug.org
[mailto:wplug-bounces+wplug=ramblernet.com at wplug.org] On Behalf Of Ryan
Brown
		Sent: Friday, August 20, 2004 10:42 AM
		To: 'General user list'
		Subject: RE: [wplug] Strange IP Traffic
		
		

		Canonical: dialup-67.25.27.171.Dial1.Miami1.Level3.net
Numerical: 67.25.27.171

		 

		Are you by chance talking to someone in Miami on an
instant messenger client?

		 

		
  _____  


		From:  Ken 
		Sent: Friday, August 20, 2004 10:08 AM
		To: wplug at wplug.org
		Subject: [wplug] Strange IP Traffic

		 

		I've noticed some strange IP traffic from one of my W2K
systems across the firewall. 
		It appears that packets are going from my Windows box to
IP 67.25.27.171 on incremental TCP ports (reporting open ports?). I've
used the various virus & Trojan scans that report nothing. I'm not
positive but it looks like services.exe may be sending the data or being
used by another app.

		Has anyone seen this before? 

		Thanks 
		Ken 


	-- 
	This message has been scanned for viruses and 
	dangerous content by RamblerNet.com <http://www.RamblerNet.com/>
, and is 
	believed to be clean. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://penguin.wplug.org/pipermail/wplug/attachments/20040820/93ff9dd6/attachment-0001.html

More information about the wplug mailing list