Re. NOW WHAT

From: Simon Barr (simon.barr@chelsing.co.uk)
Date: 12/11/01


From: "Simon Barr" <simon.barr@chelsing.co.uk>
To: "Security-Basics" <security-basics@securityfocus.com>
Date: Tue, 11 Dec 2001 09:38:58 -0000


> -----Original Message-----
> From: George [mailto:search-research@worldnet.att.net]
> Sent: 08 December 2001 01:45
> To: security-basics@securityfocus.com
> Subject: Now What?
>
>
> Okay, after goofing and wondering about akamai.net, there is good reason
>to hesitate when again asking about symantecs live update. After all, last
>time it was legit, but now?
>
> For some reason, with no other connections open, netstat shows this when
>connected to live update:
>
> Proto Local Address Foreign Address State
> TCP default:1335 0.0.0.0:0 LISTENING
> TCP default:1335 unknown.Level3.net:80 ESTABLISHED
> TCP default:pop3 0.0.0.0:0 LISTENING
>
> tive Connections
>
> Proto Local Address Foreign Address State
> TCP default:1335 0.0.0.0:0 LISTENING
> TCP default:1335 unknown.Level3.net:80 ESTABLISHED
> TCP default:pop3 0.0.0.0:0 LISTENING
>
> And this time I had the good sense to do a search for Level13.net at
>symentec's site before posting here, and it was not found. Also, I've tried
>sending an email to the Level13 webmaster listed on their page, but it
>bounced. Is this something to worry about?
>
> TIA,
>
> George

simon@mail:~$ nslookup unknown.level3.net
Server: ns-cache0.dircon.co.uk
Address: 194.112.32.1

Non-authoritative answer:
Name: www.Level3.com
Address: 209.245.19.41
Aliases: unknown.level3.net

If you go to www.level3.com and look around it seems as if Level3 are some
sort of network provider. Maybe They provide the connectivity for Symantec.

Simon Barr

E-mail: simon.barr@chelsing.co.uk