Re: suspicious IP address

Sat, 2 Jan 1999 13:52:22 -0800 

McAfee it is!

[root@burner cdimage6]# whois [EMAIL PROTECTED]
[arin.net]
UUNET Technologies, Inc.
 (NETBLK-UUNET1996B) UUNET1996B
                                                 208.192.0.0 - 208.249.255.255
McAfee Associates (NETBLK-UU-208-228-224) UU-208-228-224
                                               208.228.224.0 - 208.228.239.255

To single out one record, look it up with "!xxx", where xxx is the
handle, shown in parenthesis following the name, which comes first.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and nic.mil for NIPRNET Information.
[root@burner cdimage6]#


Michael Doerner wrote:
> 
> Hi,
> 
> I am using diald 0.99-1 on my SuSE 6.2 gateway machine for quite a while now
> and I am happy to see as it is working fine. Thanks for all the development
> work!
> 
> I am running a local caching/forwarding DNS server and there are no unwanted
> dialouts to the Internet.
> 
> Last night, while I was working on a workstation I realised the modem was
> dialling out and I hadn't started a browser or anything else at that time.
> Looking what triggered the dialout I found this:
> 
> Nov  4 23:00:11 linux01 diald[174]: Trigger: udp      192.168.0.15/371
> 208.228.235.200/370
> 
> OK, it was initiated from the PC where I was working on (192.168.0.15) but
> what is port 370 or 371 for? I found these port neither defined for UDP nor
> TCP in my Linux's services?
> 
> Next strange thing: IP 208.228.235.200. I tried to resolve that IP address
> later with a nslookup and it was _not_ resolved/no result. I have never seen
> that before. As far as I see this should be a public Internet address and I
> thought all of the public address should be pointing to a DNS resolution on
> the net?
> 
> I suspect the whole story might have to do with an app called "BackWeb" as
> part of McAfee's Anti Virus suite but all the above details are strange for
> me.
> 
> Any ideas?
> 
> Regards,
> Michael Doerner
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-diald" in
> the body of a message to [EMAIL PROTECTED]

-- 
Ed Jaeger, CFO, Bohlender Graebener Corporation
[EMAIL PROTECTED]
http://www.bgcorp.com
---
"Only those who will risk going too far can possibly find out how far
one can go."

    -- T. S. Eliot

-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]

Reply via email to