Re: Phantom connections to 216.37.13.59 & .196

From: Marcin Gryszkalis (mgryszkalis@cerint.pl)
Date: 06/03/02


Date: Mon, 03 Jun 2002 17:51:59 +0200
From: Marcin Gryszkalis <mgryszkalis@cerint.pl>
To: Lufo <lufo@iespana.es>, focus-ms@securityfocus.com


> We've noticed that some of the winXP boxes inside our LAN maintain
> several connections open to 216.37.13.59 & 216.37.13.196, port 80.

> Those servers do not get identified with reverse dns, whois nor
> traceroute.

They don't have DNS entries, but I can ping/traceroute/whois them:

root@black:/www/fp2,0# whois 216.37.13.196
One Call Communications (NETBLK-OCCI-NET)
    801 Congressional Blvd
    Carmel, IN 46032
    US

    Netname: OCCI-NET
    Netblock: 216.37.0.0 - 216.37.63.255
    Maintainer: OCCI

    Coordinator:
       Werner, Todd (TW66-ARIN) twerner@ONECALL.NET
       (317)580-7165

    Domain System inverse mapping provided by:

    CEREBUS.ONECALL.NET 206.223.22.1
    WEB.ONECALL.NET 206.223.22.2
    CEREBUS.OPTICOM.NET 207.7.18.1

    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

    Record last updated on 08-Jun-2001.
    Database last updated on 2-Jun-2002 19:58:45 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.

-- 
Marcin Gryszkalis <mg@cerint.pl>
or <dagoon@math.uni.lodz.pl>
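Added example, not part of the original message: a short triage script that reads the Netblock range from a whois record of the format shown above and marks which established connections in a netstat listing fall inside it. The netstat lines are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

# Excerpt of the ARIN record quoted in the message above.
WHOIS_RECORD = """\
One Call Communications (NETBLK-OCCI-NET)
    Netname: OCCI-NET
    Netblock: 216.37.0.0 - 216.37.63.255
"""

# Constructed `netstat -an` lines; local addresses and ports are made up.
NETSTAT_SAMPLE = """\
  TCP    192.168.1.23:1045     216.37.13.59:80      ESTABLISHED
  TCP    192.168.1.23:1046     216.37.13.196:80     ESTABLISHED
  TCP    192.168.1.23:1051     192.168.1.2:445      ESTABLISHED
  TCP    192.168.1.23:1060     216.37.64.10:80      TIME_WAIT
  TCP    0.0.0.0:135           0.0.0.0:0            LISTENING
"""

def parse_netblock(record):
    """Return (netname, [networks]) from an old-style ARIN whois record."""
    name = re.search(r"^\s*Netname:\s*(\S+)", record, re.M)
    block = re.search(r"^\s*Netblock:\s*(\S+)\s*-\s*(\S+)", record, re.M)
    if not block:
        raise ValueError("no Netblock line in record")
    first, last = (ipaddress.ip_address(a) for a in block.groups())
    nets = list(ipaddress.summarize_address_range(first, last))
    return (name.group(1) if name else None), nets

def remote_endpoints(netstat_text, state="ESTABLISHED"):
    """Yield (local, remote_ip, remote_port) for TCP lines in the given state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 4 or f[0] != "TCP" or f[3] != state:
            continue
        ip, _, port = f[2].rpartition(":")
        yield f[1], ipaddress.ip_address(ip), int(port)

def attribute(netstat_text, record):
    """Map each established remote endpoint to the whois netname, or None."""
    netname, nets = parse_netblock(record)
    result = {}
    for _local, ip, port in remote_endpoints(netstat_text):
        result[f"{ip}:{port}"] = netname if any(ip in n for n in nets) else None
    return result

if __name__ == "__main__":
    for endpoint, owner in attribute(NETSTAT_SAMPLE, WHOIS_RECORD).items():
        print(f"{endpoint:22} {owner or 'outside the netblock'}")
```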