Re. NOW WHAT

From: Simon Barr (simon.barr@chelsing.co.uk)
Date: 12/11/01


From: "Simon Barr" <simon.barr@chelsing.co.uk>
To: "Security-Basics" <security-basics@securityfocus.com>
Date: Tue, 11 Dec 2001 09:38:58 -0000


> -----Original Message-----
> From: George [mailto:search-research@worldnet.att.net]
> Sent: 08 December 2001 01:45
> To: security-basics@securityfocus.com
> Subject: Now What?
>
>
> Okay, after goofing and wondering about akamai.net, there is good reason
> to hesitate when again asking about Symantec's live update. After all, last
> time it was legit, but now?
>
> For some reason, with no other connections open, netstat shows this when
> connected to live update:
>
> Proto Local Address Foreign Address State
> TCP default:1335 0.0.0.0:0 LISTENING
> TCP default:1335 unknown.Level3.net:80 ESTABLISHED
> TCP default:pop3 0.0.0.0:0 LISTENING
>
> Active Connections
>
> Proto Local Address Foreign Address State
> TCP default:1335 0.0.0.0:0 LISTENING
> TCP default:1335 unknown.Level3.net:80 ESTABLISHED
> TCP default:pop3 0.0.0.0:0 LISTENING
>
> And this time I had the good sense to do a search for Level13.net at
> Symantec's site before posting here, and it was not found. Also, I've tried
> sending an email to the Level13 webmaster listed on their page, but it
> bounced. Is this something to worry about?
>
> TIA,
>
> George

simon@mail:~$ nslookup unknown.level3.net
Server: ns-cache0.dircon.co.uk
Address: 194.112.32.1

Non-authoritative answer:
Name: www.Level3.com
Address: 209.245.19.41
Aliases: unknown.level3.net

If you go to www.level3.com and look around it seems as if Level3 are some
sort of network provider. Maybe they provide the connectivity for Symantec.

Simon Barr

E-mail: simon.barr@chelsing.co.uk


