Seemingly random floppy seeks can be caused by Microsoft Office. In Office
95/97, Office installs a utility called FINDFAST. It's meant to index all local
drives including the floppy drives. Periodically, it will do a seek on the
floppy drive to see if there is any data that it needs to index.
Not sure if this is in Office 2k or XP.
Doubt that this is related to your weird connections.
Good luck.
Craig
John,
I've seen the same on my Win2K server, but when the floppy seek occurs I did
not see any open connection to the outside. If I put a floppy in the drive
it stops seeking it. So my guess is that Windows internally seeks the floppy
for one reason or the other. I've searched the MS Knowledge Base on this but
found no issues that are related to this behaviour. So I don't know what is
causing the floppy drive to be seeked. Maybe someone else has the answer for
that question?
Regards Martijn.
C-it B.V.
www.c-it.nl
-----Original Message-----
From: John D from Best Price Cruises [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 9 July 2002 23:28
To: Security-Basics Mail List
Subject: Strange Connections
Okay, This is sort of a two part question:
1. A while ago, my Win2k server here at the office had its floppy drive
crank up (like when you try and access the drive with no disk in it). There
was nothing running that would have needed the floppy drive. Anyways, just
because I was curious I ran netstat and saw a bunch of connections from
prisoner.iana.org that I have never seen before. I did a search on Google
and found only a few references to the address, most dealing with potential
hackers using a spoofed IP (none of the people making the posts seemed very
knowledgeable and they contained very little info). Anyone ever seen any
abuse by this address, have any idea why it would connect to my server, or
why the disk drive cranked up? (If I am just crazy, thinking that the
prisoner.iana.org thing and the disk drive have anything to do with each
other please feel free to smack me)...
2. I am running a SMC Barricade broadband router... does anyone know of any
vulnerabilities that would allow an attacker to port scan through the router's
firewall to the internal network? (possibly firewalk?) I can't seem to find
any specific info for the SMC and the problem still exists (or so says
snort) after upgrading the firmware.
Thanks in advance for the help guys,
John D
Best Price Cruises