Re: URGENT - Logs - outgoing 443 traffic

From: <©¿©> (user_at_127.0.0.1)
Date: 11/18/04


Date: Thu, 18 Nov 2004 14:11:32 GMT

barney probably does not know about, or how to use,
http://www.dnsstuff.com/...

"Nigel Wade" <nmw@ion.le.ac.uk> wrote in message
news:cncjvu$k4i$1@south.jnrs.ja.net...
> barney wrote:
>
>> Hi, I seem to have a machine opening up gawd knows how many ports
>> contacting some IP. A possible trojan? I don't know the ip.
>>
>>
>> 1 11/16/2004 09:43:45 Firewall default policy: TCP (L to W)
>> 192.168.0.14:1118 193.108.72.64:443 ACCESS FORWARD
>
> That's the HSBC.
> Were you doing Internet banking at the time?
>
>> 33 11/16/2004 09:43:38 Firewall default policy: TCP (L to W)
>> 192.168.0.7:1928 80.229.154.244:80 ACCESS FORWARD
>
> PlusNet, are you a PlusNet customer?
>
>> 34 11/16/2004 09:43:38 Firewall default policy: TCP (L to W)
>> 192.168.0.14:1088 193.108.72.64:443 ACCESS FORWARD
>> 35 11/16/2004 09:43:37 Firewall default policy: TCP (L to W)
>> 192.168.0.14:1087 65.54.183.192:443 ACCESS FORWARD
>
> Microsoft
>
>> 36 11/16/2004 09:43:37 Firewall default policy: UDP (L to W)
>> 192.168.0.14:1029 212.159.11.150:53 ACCESS FORWARD
>
> PlusNet DNS; seems you are a PlusNet customer.
>
>> 37 11/16/2004 09:43:37 Firewall default policy: TCP (L to W)
>> 192.168.0.14:1085 193.108.72.64:443 ACCESS FORWARD
>> 38 11/16/2004 09:43:37 Firewall default policy: UDP (L to W)
>> 192.168.0.14:1029 212.159.11.150:53 ACCESS FORWARD
>> 39 11/16/2004 09:43:37 Firewall default policy: TCP (L to W)
>> 192.168.0.14:1084 207.46.107.58:1863 ACCESS FORWARD
>
> Microsoft, maybe MSN?
>
>> 40 11/16/2004 09:43:36 Firewall default policy: TCP (L to W)
>> 192.168.0.7:1927 80.229.154.244:80 ACCESS FORWARD
>> 41 11/16/2004 09:43:36 Firewall default policy: TCP (L to W)
>> 192.168.0.14:1083 66.102.11.99:80 ACCESS FORWARD
>
> Google
>
>> 42 11/16/2004 09:43:36 Firewall default policy: TCP (L to W)
>> 192.168.0.14:1082 207.46.104.20:1863 ACCESS FORWARD
>> 43 11/16/2004 09:43:36 Firewall default policy: UDP (L to W)
>> 192.168.0.14:1029 212.159.11.150:53 ACCESS FORWARD
>
> --
> Nigel Wade, System Administrator, Space Plasma Physics Group,
> University of Leicester, Leicester, LE1 7RH, UK
> E-mail : nmw@ion.le.ac.uk
> Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
>
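
Added example, not part of the original thread: the reply above identifies each remote address by hand, and that triage starts from the list of unique destinations in the log. This Python code parses the two-line firewall records quoted above and groups them by protocol, destination IP and destination port, so each endpoint needs only one ownership lookup; the field names and the `parse` and `summarize` functions are assumptions made for this example.

```python
import re
from collections import defaultdict

# Log lines copied from the post above, quote markers and line wrapping included.
SAMPLE = """\
>> 1 11/16/2004 09:43:45 Firewall default policy: TCP (L to W)
>> 192.168.0.14:1118 193.108.72.64:443 ACCESS FORWARD
>> 33 11/16/2004 09:43:38 Firewall default policy: TCP (L to W)
>> 192.168.0.7:1928 80.229.154.244:80 ACCESS FORWARD
>> 34 11/16/2004 09:43:38 Firewall default policy: TCP (L to W)
>> 192.168.0.14:1088 193.108.72.64:443 ACCESS FORWARD
>> 36 11/16/2004 09:43:37 Firewall default policy: UDP (L to W)
>> 192.168.0.14:1029 212.159.11.150:53 ACCESS FORWARD
>> 39 11/16/2004 09:43:37 Firewall default policy: TCP (L to W)
>> 192.168.0.14:1084 207.46.107.58:1863 ACCESS FORWARD
"""

# One record: sequence number, date, time, policy text, then the endpoints.
RECORD = re.compile(
    r"\b(?P<n>\d+) (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"Firewall default policy: (?P<proto>TCP|UDP) \((?P<dir>[^)]*)\) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<action>[A-Z]+(?: [A-Z]+)*)"
)

def parse(text):
    """Strip '>' quote markers, rejoin wrapped records, return one dict per record."""
    lines = (re.sub(r"^[>\s]+", "", line).strip() for line in text.splitlines())
    stream = " ".join(line for line in lines if line)
    return [m.groupdict() for m in RECORD.finditer(stream)]

def summarize(records):
    """Group by (proto, dst, dport): connection count, source hosts, distinct source ports."""
    groups = defaultdict(lambda: {"count": 0, "sources": set(), "sports": set()})
    for r in records:
        g = groups[(r["proto"], r["dst"], int(r["dport"]))]
        g["count"] += 1
        g["sources"].add(r["src"])
        g["sports"].add(int(r["sport"]))
    return dict(groups)

if __name__ == "__main__":
    ranked = sorted(summarize(parse(SAMPLE)).items(), key=lambda kv: -kv[1]["count"])
    for (proto, dst, dport), g in ranked:
        print(f"{proto} {dst}:{dport} x{g['count']} from {sorted(g['sources'])} "
              f"({len(g['sports'])} distinct source ports)")
```

Each new outbound connection normally gets a fresh ephemeral source port, so a long run of different local ports going to the same destination and port collapses to a single row here.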

