RE: Re. NOW WHAT

Wed, 12 Dec 2001 10:35:56 -0800 

Nah IMHO there is nothing to worry about all, I think it is that when
you run live update it connects to unknown.Level3.net to download the
updates thought HTTP.

 TCP default:1335 unknown.Level3.net:80 ESTABLISHED
        
unknown.Level3.net:80 = Means you have connected it thought port 80
IE:HTTP/WEB
default:1335 = Means that it has connected to you on port 1335 which is
more than likely the port that live update runs on.

Best Regards 
Mark Godden 
Orbital Net Support 
 


-----Original Message-----
From: Simon Barr [mailto:[EMAIL PROTECTED]] 
Sent: 11 December 2001 09:39
To: Security-Basics
Subject: Re. NOW WHAT


>  -----Original Message-----
>  From: George [mailto:[EMAIL PROTECTED]]
>  Sent: 08 December 2001 01:45
>  To: [EMAIL PROTECTED]
>  Subject: Now What?
>
>
>  Okay, after goofing and wondering about akamai.net, there is good
reason
>to hesitate when again asking about symantecs live update. After all,
last
>time it was legit, but now?
>
>  For some reason, with no other connections open, netstat shows this
when
>connected to live update:
>
>  Proto Local Address Foreign Address State
>  TCP default:1335 0.0.0.0:0 LISTENING
>  TCP default:1335 unknown.Level3.net:80 ESTABLISHED
>  TCP default:pop3 0.0.0.0:0 LISTENING
>
>  tive Connections
>
>  Proto Local Address Foreign Address State
>  TCP default:1335 0.0.0.0:0 LISTENING
>  TCP default:1335 unknown.Level3.net:80 ESTABLISHED
>  TCP default:pop3 0.0.0.0:0 LISTENING
>
>  And this time I had the good sense to do a search for Level13.net at
>symentec's site before posting here, and it was not found. Also, I've
tried
>sending an email to the Level13 webmaster listed on their page, but it
>bounced. Is this something to worry about?
>
>  TIA,
>
>  George

simon@mail:~$ nslookup unknown.level3.net
Server:  ns-cache0.dircon.co.uk
Address:  194.112.32.1

Non-authoritative answer:
Name:    www.Level3.com
Address:  209.245.19.41
Aliases:  unknown.level3.net

If you go to www.level3.com and look around it seems as if Level3 are
some
sort of network provider.  Maybe They provide the connectivity for
Symantec.

Simon Barr

E-mail: [EMAIL PROTECTED]

Reply via email to