Posted: 9/12/2002 3:50:41 PM EDT
I have been hit about 20 times from:
A computer at a216-33-75-22.deploy.akamaitechnologies.com has attempted an unsolicited connection to TCP port 1245 on your computer. TCP port 1245 is commonly used by the "VooDoo Doll Trojan" service or program. The source computer has scanned your computer for this trojan, but it has been blocked by your firewall.
Output from ARIN Whois says:
Search results for: 216-33-75-22
OrgName: Air Force Logistics Command
OrgID: AFLC-4
ASNumber: 216
ASName: LMSC-HOSTNET-AS
ASHandle: AS216
Comment:
RegDate: 1988-07-18
Updated: 1991-01-10
TechHandle: ST55-ARIN
TechName: Jacob, Steve
TechPhone:
TechEmail: sjacob@logdis1.hq.aflc.af.mil
# ARIN Whois database, last updated 2002-09-11 19:05
# Enter ? for additional hints on searching ARIN's Whois database.
Please advise?
Link Posted: 9/12/2002 3:52:17 PM EDT
your computers belong to us....
Link Posted: 9/12/2002 3:54:10 PM EDT
[Last Edit: 9/12/2002 4:03:54 PM EDT by NAM]
I may be able to offer some limited assistance. I am an Intrusion detection analyst, stationed at Scott AFB. Unfortunately, I do not work for the AFLC. More info would be of help.
***EDIT*** Double check your whois info. I am getting:
OrgName: Cable & Wireless
OrgID: EXCW
NetRange: 216.32.0.0 - 216.35.255.255
CIDR: 216.32.0.0/14
NetName: LEGACY-8
NetHandle: NET-216-32-0-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: DNS01.EXODUS.NET
NameServer: DNS02.EXODUS.NET
NameServer: DNS03.EXODUS.NET
NameServer: DNS04.EXODUS.NET
Comment: * Rwhois reassignment information for this block is available at:
* rwhois.exodus.net 4321
* For abuse please contact abuse@exodus.net
RegDate:
Updated: 2002-08-20
Obviously... this is not the AFLC. If they are repeatedly pounding your machine... you may want to go offline for a while. Odds are, it's just some idiot scanning. There is an abuse address you can contact... shoot them an email and tell them the situation. They'll usually do some investigating... and maybe even cut off the offender's access.
Link Posted: 9/12/2002 4:33:51 PM EDT
Originally Posted By NAM:
I may be able to offer some limited assistance. I am an Intrusion detection analyst, stationed at Scott AFB. Unfortunately, I do not work for the AFLC. More info would be of help.
***EDIT*** Double check your whois info. I am getting:
OrgName: Cable & Wireless
OrgID: EXCW
NetRange: 216.32.0.0 - 216.35.255.255
CIDR: 216.32.0.0/14
NetName: LEGACY-8
NetHandle: NET-216-32-0-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: DNS01.EXODUS.NET
NameServer: DNS02.EXODUS.NET
NameServer: DNS03.EXODUS.NET
NameServer: DNS04.EXODUS.NET
Comment: * Rwhois reassignment information for this block is available at:
* rwhois.exodus.net 4321
* For abuse please contact abuse@exodus.net
RegDate:
Updated: 2002-08-20
Obviously... this is not the AFLC. If they are repeatedly pounding your machine... you may want to go offline for a while. Odds are, it's just some idiot scanning. There is an abuse address you can contact... shoot them an email and tell them the situation. They'll usually do some investigating... and maybe even cut off the offender's access.

Thanks, That was weird. I shut down right after I posted. All is quiet now.
Link Posted: 9/12/2002 4:41:37 PM EDT
[Last Edit: 9/12/2002 4:43:56 PM EDT by Kar98]
Domain Name: AKAMAITECHNOLOGIES.COM
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: http://www.opensrs.org
Dunno where you find the AFLC reference. I think it's your Windows XP computer trying to download Service Pack 1. Akamai provides mirrors and bandwidth for pages that are expecting huge hits and data transfer, like Microsoft, and lots of other websites.
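
Added example (not part of any post in this thread): a Python check that pulls the IPv4 address out of the hostname in the firewall alert and confirms it falls inside the NetRange from NAM's whois output, so the lookup is made on the dotted address rather than the hyphenated label. The `a<o1>-<o2>-<o3>-<o4>` label pattern is an assumption drawn from the single hostname shown here and the function names are hypothetical; a reverse-DNS name is only a hint, so the source IP in the firewall log remains the value to trust.

```python
import ipaddress
import re

# Hostname and whois values copied from the posts above.
PTR_NAME = "a216-33-75-22.deploy.akamaitechnologies.com"
NET_RANGE = "216.32.0.0 - 216.35.255.255"
CIDR = "216.32.0.0/14"

# Assumption: the first label encodes the IPv4 address as a<o1>-<o2>-<o3>-<o4>.
_PTR_RE = re.compile(r"^a(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.")


def ip_from_ptr(name):
    """Return the IPv4 address embedded in the first label, or None."""
    m = _PTR_RE.match(name.lower())
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(".".join(m.groups()))
    except ipaddress.AddressValueError:  # e.g. an octet above 255
        return None


def range_to_cidrs(net_range):
    """Convert a whois 'first - last' NetRange into the CIDR blocks covering it."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in net_range.split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def whois_covers(name, net_range):
    """True if the address embedded in the hostname lies inside the NetRange."""
    ip = ip_from_ptr(name)
    if ip is None:
        return False
    return any(ip in net for net in range_to_cidrs(net_range))


if __name__ == "__main__":
    print("query whois with:", ip_from_ptr(PTR_NAME))
    print("NetRange as CIDR:", [str(n) for n in range_to_cidrs(NET_RANGE)])
    print("covered by the record:", whois_covers(PTR_NAME, NET_RANGE))
```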