[wplug] Strange IP Traffic

Poyner, Brandon bpoyner at ccac.edu
Fri Aug 20 14:14:18 EDT 2004


Oops, confusing my .coms with my .nets.  Not sure what the .net one is
about.

Brandon Poyner 
Network Engineer II 
CCAC - College Office 
412-237-3086 

	-----Original Message-----
	From: Poyner, Brandon 
	Sent: Friday, August 20, 2004 2:08 PM
	To: General user list
	Subject: RE: [wplug] Strange IP Traffic
	
	
	A google search on the IPs and a dig confirm that they belong to
ilovebees.net, the halo2 teaser site.
	 
	www.ilovebees.net.      1687    IN      A       69.25.27.170
	www.ilovebees.net.      1687    IN      A       69.25.27.171
	www.ilovebees.net.      1687    IN      A       69.25.27.172
	www.ilovebees.net.      1687    IN      A       69.25.27.173
	www.ilovebees.net.      1687    IN      A       66.150.161.133
	www.ilovebees.net.      1687    IN      A       66.150.161.134
	www.ilovebees.net.      1687    IN      A       66.150.161.135
	www.ilovebees.net.      1687    IN      A       66.150.161.136
	

	Brandon Poyner 
	Network Engineer II 
	CCAC - College Office 
	412-237-3086 

		-----Original Message-----
		From: Ken [mailto:ken at ramblernet.com] 
		Sent: Friday, August 20, 2004 2:00 PM
		To: 'General user list'
		Subject: RE: [wplug] Strange IP Traffic
		
		
		I inadvertently listed the IP incorrectly, my apologies.
		It should have been 69.25.27.171 and I noticed
69.25.27.172 as well.
		 
		The traffic is coming from services.exe on the windows
box. If I restrict it's ability to access the net, traffic stops.
		 
		I have also adjusted my WPLUG email address since it was
distracting to some. The account of wplug at ramblernet.com has been
replaced by ken at ramblernet.com. Messages sent to the previous will
bounce.
		 
		Thanks - Ken

			-----Original Message-----
			From:
wplug-bounces+wplug=ramblernet.com at wplug.org
[mailto:wplug-bounces+wplug=ramblernet.com at wplug.org] On Behalf Of Ryan
Brown
			Sent: Friday, August 20, 2004 10:42 AM
			To: 'General user list'
			Subject: RE: [wplug] Strange IP Traffic
			
			

			Canonical:
dialup-67.25.27.171.Dial1.Miami1.Level3.net Numerical: 67.25.27.171

			 

			Are you by chance talking to someone in Miami on
an instant messenger client?

			 

			
  _____  


			From:  Ken 
			Sent: Friday, August 20, 2004 10:08 AM
			To: wplug at wplug.org
			Subject: [wplug] Strange IP Traffic

			 

			I've noticed some strange IP traffic from one of
my W2K systems across the firewall. 
			It appears that packets are going from my
Windows box to IP 67.25.27.171 on incremental TCP ports (reporting open
ports?). I've used the various virus & Trojan scans that report nothing.
I'm not positive but it looks like services.exe may be sending the data
or being used by another app.

			Has anyone seen this before? 

			Thanks 
			Ken 


		-- 
		This message has been scanned for viruses and 
		dangerous content by RamblerNet.com
<http://www.RamblerNet.com/> , and is 
		believed to be clean. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://penguin.wplug.org/pipermail/wplug/attachments/20040820/934e8980/attachment-0001.html


More information about the wplug mailing list