[wplug] Strange IP Traffic
Poyner, Brandon
bpoyner at ccac.edu
Fri Aug 20 14:14:18 EDT 2004
Oops, confusing my .coms with my .nets. Not sure what the .net one is
about.
Brandon Poyner
Network Engineer II
CCAC - College Office
412-237-3086
-----Original Message-----
From: Poyner, Brandon
Sent: Friday, August 20, 2004 2:08 PM
To: General user list
Subject: RE: [wplug] Strange IP Traffic
A google search on the IPs and a dig confirm that they belong to
ilovebees.net, the halo2 teaser site.
www.ilovebees.net. 1687 IN A 69.25.27.170
www.ilovebees.net. 1687 IN A 69.25.27.171
www.ilovebees.net. 1687 IN A 69.25.27.172
www.ilovebees.net. 1687 IN A 69.25.27.173
www.ilovebees.net. 1687 IN A 66.150.161.133
www.ilovebees.net. 1687 IN A 66.150.161.134
www.ilovebees.net. 1687 IN A 66.150.161.135
www.ilovebees.net. 1687 IN A 66.150.161.136
Brandon Poyner
Network Engineer II
CCAC - College Office
412-237-3086
-----Original Message-----
From: Ken [mailto:ken at ramblernet.com]
Sent: Friday, August 20, 2004 2:00 PM
To: 'General user list'
Subject: RE: [wplug] Strange IP Traffic
I inadvertently listed the IP incorrectly, my apologies.
It should have been 69.25.27.171 and I noticed
69.25.27.172 as well.
The traffic is coming from services.exe on the windows
box. If I restrict it's ability to access the net, traffic stops.
I have also adjusted my WPLUG email address since it was
distracting to some. The account of wplug at ramblernet.com has been
replaced by ken at ramblernet.com. Messages sent to the previous will
bounce.
Thanks - Ken
-----Original Message-----
From:
wplug-bounces+wplug=ramblernet.com at wplug.org
[mailto:wplug-bounces+wplug=ramblernet.com at wplug.org] On Behalf Of Ryan
Brown
Sent: Friday, August 20, 2004 10:42 AM
To: 'General user list'
Subject: RE: [wplug] Strange IP Traffic
Canonical:
dialup-67.25.27.171.Dial1.Miami1.Level3.net Numerical: 67.25.27.171
Are you by chance talking to someone in Miami on
an instant messenger client?
_____
From: Ken
Sent: Friday, August 20, 2004 10:08 AM
To: wplug at wplug.org
Subject: [wplug] Strange IP Traffic
I've noticed some strange IP traffic from one of
my W2K systems across the firewall.
It appears that packets are going from my
Windows box to IP 67.25.27.171 on incremental TCP ports (reporting open
ports?). I've used the various virus & Trojan scans that report nothing.
I'm not positive but it looks like services.exe may be sending the data
or being used by another app.
Has anyone seen this before?
Thanks
Ken
--
This message has been scanned for viruses and
dangerous content by RamblerNet.com
<http://www.RamblerNet.com/> , and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://penguin.wplug.org/pipermail/wplug/attachments/20040820/934e8980/attachment-0001.html
More information about the wplug
mailing list