Weird Traffic from www.eyeblaster-bs.com

• Previous message: Justin Pryzby: "Whois updates, Was: [Re: Possible Intrusion Attempt?]"
• Next in thread: Cushing, David: "RE: Weird Traffic from www.eyeblaster-bs.com"
• Maybe reply: Cushing, David: "RE: Weird Traffic from www.eyeblaster-bs.com"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 29 May 2003 14:44:59 -0700
To: <incidents@securityfocus.com>

Good Afternoon,

I am seeing some strange traffic from www.eyeblaster-bs.com on both
network and host based IDS. More specifically, I'm seeing TCP port 80
(http) traffic from multiple internal clients to
http://www.eyeblaster-bs.com/BurstingPipe and
http://www.eyeblastrer-bs.com/BurstingPipe.asp?param=% . So far, it
looks like normal surfing....well...almost. The strange thing is that I
have seen traffic that appears to be sourced from this server to clients
(dest port 80) on the Internal Network (which should be relatively
protected as they use Port Address Translation, not to mention that port
80 is not allowed to those client machines). I've seen this URL
mentioned on several usage reports, but have not seen any explanations
about what it is. Let me know what you think.

Here are some of the other networks that have seen traffic TO this
server:
http://www.olc.edu/~bbump/usage/ns1/7th/url_200211.html
http://network.ci.seekonk.ma.us/WebUsage/Library/url_200212.html
http://www.bsafehome.com/historyreport.asp

-Jeremy

These are not the packets you're looking for...You can go about your
business.....Move along....
:-)

----------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Justin Pryzby: "Whois updates, Was: [Re: Possible Intrusion Attempt?]"
• Next in thread: Cushing, David: "RE: Weird Traffic from www.eyeblaster-bs.com"
• Maybe reply: Cushing, David: "RE: Weird Traffic from www.eyeblaster-bs.com"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Batch file IP Printer setup in Windows XP and 2000 ... since the clients are Win2k and XP, it would be best to use the printui ... You need to have the port already added on the ... rundll32 printui.dll,PrintUIEntry /? ... shared network drive that everyone can see. ... (microsoft.public.windowsxp.print_fax) RE: Printing from Win9x clients stops ... > and make sure this software does not interfere with SBS Server. ... > clients, please disable it and try again. ... Create a local printer and redirect the port to the network server. ... (microsoft.public.windows.server.sbs) RE: SBS 2003, ISA 2004 ... ISA and IIS try listening on these two ports. ... by default the Web Proxy is listening on port 8080 ... of the local network adapter. ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: ERS 8600, simple setup, IP, VLANs, etc. ... management port is just used to hang an IP address to. ... associated with an interface, such as a VLAN. ... fairly functionally homogenous network), but something that is ... or OS virtuallization - except that networks have been doing this kind of ... (comp.dcom.sys.nortel) network slowness/freez-up since update 10/11 ... network problems: first the network is slow (even within a few ... network - but not the rest of the system - just locks up (can't ping ... OHCI version 1.0, legacy support ... <Parallel port bus> on ppc0 ... (freebsd-current)