Very interesting. The IP that my connection attempt came from, and it
was only once, was 207.46.197.102.
Reverse gives me microsoft.com.
On Tue, 03 Jul 2001 21:24:26 -0300, Federico Voges wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Just to satisfy my curiosity, I did an update yesterday (using Windows
>Update, obviously).
>
>A few minutes ago, I received a mail from LogCheck with the logged
>attempts to connect to port 1178 :)
>But to my surprise, those attempts weren't coming from microsoft.com but
>from ck1.vip.sce.yahoo.com !?
>
>Here's the excerpt from the mail:
>
>Security Violations
>=-=-=-=-=-=-=-=-=-=
>Jul 3 20:46:23 drakis kernel: Packet log: input DENY ppp0 PROTO=6
>209.1.225.5:80 200.51.209.143:1178 L=44 S=0x40 I=10629 F=0x4000 T=50
>(#31)
>Jul 3 20:46:25 drakis kernel: Packet log: input DENY ppp0 PROTO=6
>209.1.225.5:80 200.51.209.143:1178 L=44 S=0x40 I=12209 F=0x4000 T=50
>(#31)
>Jul 3 20:46:26 drakis kernel: Packet log: input DENY ppp0 PROTO=6
>209.1.225.5:80 200.51.209.143:1178 L=40 S=0x40 I=12286 F=0x4000 T=50
>(#31)
>Jul 3 20:46:43 drakis kernel: Packet log: input DENY ppp0 PROTO=6
>209.1.225.5:80 200.51.209.143:1178 L=44 S=0x40 I=22410 F=0x4000 T=50
>(#31)
>Jul 3 20:47:07 drakis kernel: Packet log: input DENY ppp0 PROTO=6
>209.1.225.5:80 200.51.209.143:1178 L=44 S=0x40 I=35888 F=0x4000 T=50
>(#31)
>Jul 3 20:47:37 drakis kernel: Packet log: input DENY ppp0 PROTO=6
>209.1.225.5:80 200.51.209.143:1178 L=40 S=0x40 I=53011 F=0x4000 T=50
>(#31)
>
>On Mon, 02 Jul 2001 20:29:50 -0700 (PST), Shawn Tayler wrote:
>
>>On 02 Jul 2001 08:30:26 -0700, Aaron Grewell wrote:
>>
>>>They probably didn't. Source obfuscation is a time-honored tradition in
>>>portscanning.
>>
>>Ah, but I got another tidbit on this today. Apparently I am not the
>>only person this has happened to. People are finding port scans on
>>1178 from Microsoft.Com the day after a Windows Online update is
>>executed on a regular basis. Anyone on the list have a Winblows box
>>behind a firewall they'd like to test my theory on?
>>
>>stayler
>>
>>_______________________________________________
>>http://linux.nf -- [EMAIL PROTECTED]
>>Archives, Subscribe, Unsubscribe, Digest, Etc
>>->http://linux.nf/mailman/listinfo/linux-users
>
>
>Federico Voges
>Managing Partner
>
>Intrasoft
>Malabia 2137 14 A
>(1425) Buenos Aires
>Argentina
>
>Te/Fax: 54-11-4833-5182
>e-mail: [EMAIL PROTECTED]
>Web: http://www.intrasoft.com.ar
>
>PGP Public Key Fingerprint: A536 4595 EB6F D197 FBC1 5C3A 145C 2516
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its
>affiliated companies.
>
>iQA/AwUBO0JiOhRcJRaVKt4XEQKRGwCaA2UpAbt2fF/hrXBxCD3M3BTBJoUAnjV+
>2o9xJv/0U4IcUjryUsGEUHnO
>=YiRy
>-----END PGP SIGNATURE-----
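As an added example (not part of the original messages), here is a small Python parser for the ipchains `Packet log` lines quoted above, grouping them into flows so a LogCheck excerpt can be summarized at a glance. The `reply_like` flag is an assumed heuristic, not something the thread states: it marks packets from a low source port to a single high destination port, and since a sender can pick any source port it is a triage hint only.

```python
import re
from collections import defaultdict

# ipchains "Packet log" fields: chain, target, interface, PROTO, src:port, dst:port,
# L=length, S=TOS, I=IP id, F=fragment field, T=TTL, (#rule number).
LINE_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+kernel:\s+Packet log:\s+"
    r"(?P<chain>\S+)\s+(?P<target>\S+)\s+(?P<iface>\S+)\s+PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"L=(?P<len>\d+)\s+S=\S+\s+I=(?P<ipid>\d+)\s+F=\S+\s+T=(?P<ttl>\d+)\s+\(#(?P<rule>\d+)\)"
)

# The six entries from the quoted LogCheck excerpt, with the mail wrapping undone.
SAMPLE = """\
Jul 3 20:46:23 drakis kernel: Packet log: input DENY ppp0 PROTO=6 209.1.225.5:80 200.51.209.143:1178 L=44 S=0x40 I=10629 F=0x4000 T=50 (#31)
Jul 3 20:46:25 drakis kernel: Packet log: input DENY ppp0 PROTO=6 209.1.225.5:80 200.51.209.143:1178 L=44 S=0x40 I=12209 F=0x4000 T=50 (#31)
Jul 3 20:46:26 drakis kernel: Packet log: input DENY ppp0 PROTO=6 209.1.225.5:80 200.51.209.143:1178 L=40 S=0x40 I=12286 F=0x4000 T=50 (#31)
Jul 3 20:46:43 drakis kernel: Packet log: input DENY ppp0 PROTO=6 209.1.225.5:80 200.51.209.143:1178 L=44 S=0x40 I=22410 F=0x4000 T=50 (#31)
Jul 3 20:47:07 drakis kernel: Packet log: input DENY ppp0 PROTO=6 209.1.225.5:80 200.51.209.143:1178 L=44 S=0x40 I=35888 F=0x4000 T=50 (#31)
Jul 3 20:47:37 drakis kernel: Packet log: input DENY ppp0 PROTO=6 209.1.225.5:80 200.51.209.143:1178 L=40 S=0x40 I=53011 F=0x4000 T=50 (#31)
"""

def parse(text):
    """Return a dict per ipchains log line; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            row = m.groupdict()
            for key in ("proto", "sport", "dport", "len", "ipid", "ttl", "rule"):
                row[key] = int(row[key])
            rows.append(row)
    return rows

def summarize(rows):
    """Group packets by flow; count distinct destination ports seen per source."""
    flows, ports = defaultdict(list), defaultdict(set)
    for r in rows:
        flows[(r["src"], r["sport"], r["dst"], r["dport"])].append(r)
        ports[r["src"]].add(r["dport"])
    return [{
        "src": src, "sport": sport, "dst": dst, "dport": dport,
        "packets": len(pkts), "first": pkts[0]["ts"], "last": pkts[-1]["ts"],
        "dst_ports_from_src": len(ports[src]),
        # Assumed heuristic, not proof: low source port, one high destination port.
        "reply_like": sport < 1024 <= dport and len(ports[src]) == 1,
    } for (src, sport, dst, dport), pkts in flows.items()]

if __name__ == "__main__":
    for flow in summarize(parse(SAMPLE)):
        print(flow)
```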