Re: Anti Virus Gods

Discussion in 'Computer Support' started by Mike Easter, Aug 30, 2006.

  1. Mike Easter

    Mike Easter Guest

    Mike Easter wrote:
    > wrote:
    >> I have a bit of a mystery I've been trying to solve,

    >
    > I don"t know the answer.


    >> Remote Name : ip24-255-115-60.dc.dc.cox.net
    >> Remote Address : 24.255.115.60
    >> Remote Port : 110 (POP3 - Post Office Protocol - Version 3)


    There has been 1 incident reported at MNW MyNetWatchman, an aggregator
    of firewall log reports from that IP:

    http://www.mynetwatchman.com/LID.asp?IID=216882238

    <columns delimited by - dashes for headers & values>

    Most Recent Event

    Date/Time (UTC) - Agent Alias - Agent Type - Log Type - Target IP # of
    IPs Targeted - Protocol/Port - Port/Issue Description - SourcePort -
    EventCount

    24 Aug 2006 03:25:42 - AgentJS - win32 - Zone Alarm - 68.88.x.x - 1 -
    6/58319 - Research Pending - 2281 - 1


    I'm pretty sure that protocol type 6 in that db is TCP.


    --
    Mike Easter
     
    Mike Easter, Aug 30, 2006
    #1
    1. Advertising

  2. Mike Easter

    Mike Easter Guest

    Mike Easter wrote:

    > Date/Time (UTC) - Agent Alias - Agent Type - Log Type - Target IP # of
    > IPs Targeted - Protocol/Port - Port/Issue Description - SourcePort -
    > EventCount
    >
    > 24 Aug 2006 03:25:42 - AgentJS - win32 - Zone Alarm - 68.88.x.x - 1 -
    > 6/58319 - Research Pending - 2281 - 1


    Interpreted as AgentJS running ZA on hir win32 system at munged
    68.88.x.x recorded 1 hit event from the IP 24.255.115.60 TCP to port
    58319 from/on port 2281 and the MNW people don't don't the nature of
    that event - research pending.

    The ports 58319 & 2281 are associated with: unknown and lnvconsole,
    which lnvconsole has been associated with the sobig.e worm.

    Your 2221 port is for rockwell-csp1 according to IANA assignment
    actually 2221-2223. I don't know exactly what the rockwell business is
    about, something that rockwell does.

    --
    Mike Easter
     
    Mike Easter, Aug 30, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Trax
    Replies:
    1
    Views:
    684
    All Things Mopar
    Feb 12, 2006
  2. Replies:
    0
    Views:
    796
  3. The Master of The Known Universe

    Top 3 firewalls, anti-virus apps, anti-spyware apps

    The Master of The Known Universe, May 9, 2006, in forum: Computer Support
    Replies:
    10
    Views:
    1,085
    clouds
    May 13, 2006
  4. Attn: Anti Virus Gods

    , Aug 30, 2006, in forum: Computer Support
    Replies:
    12
    Views:
    660
  5. marjun

    free anti-spam/anti-virus

    marjun, Apr 28, 2007, in forum: Computer Support
    Replies:
    7
    Views:
    781
    Toxic Beth
    May 1, 2007
Loading...

Share This Page