Anyone know what this is? Please

Discussion in 'malware problems & news' started by kate, Jan 3, 2003.

Thread Status:
Not open for further replies.
  1. kate

    kate Guest

    o_O 217.32.247.131 CONTENT DISTRIBUTION NETWORK
    as it seems to have a constant connection to my comp on port 1193. Is it spyware or something? Please help.
    thanks
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Hi Kate

    There is a server that identifies itself as Footprint V.2.05, located in GB. Take a look yourself:
    http://www.dnsstuff.com/

    ;)
    *Ari*
     
  3. Krusty

    Krusty Registered Member

    Steve Gibson's ID Serve got this information:

    Initiating server query ...
    Looking up the domain name for IP: 217.32.247.131
    (The domain name for the specified IP address could not be found.)
    Connecting to the server on standard HTTP port: 80
    [Connected] Requesting the server's default page.
    The server returned the following response headers:
    HTTP/1.1 404 Not Found
    Date: Fri, 03 Jan 2003 18:41:40 GMT
    Content-Length: 163
    Content-Type: text/html
    Server: Footprint V2.05
    Connection: close
    Query complete.

    So, this might not be your own ISP, I guess... Do you consider any good firewall, like ZoneAlarm?

    regards *Ari*
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Looks like British Telecom, but I can't find any known applications using that port o_O

    Could you download HijackThis and post the log it creates?
    Or, if you're not comfortable with posting it, mail or IM it to me.

    Regards,

    Pieter
     
  5. Krusty

    Krusty Registered Member

    Yeah...
    Google gave me no clues either... a trojan?
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Not according to the site I use for that: http://www.simovits.com/nyheter9902.html

    Regards,

    Pieter
     
  7. Krusty

    Krusty Registered Member

    Oh yeah Pieter, seems familiar to me ;)
    But how about a new unlisted trojan?
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Could be, Krusty. Or spyware?
    I guess we'll have to wait for the log.

    Regards,

    Pieter
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    The WHOIS (in Port Explorer) gave me this:
    % This is the RIPE Whois server.
    % The objects are in RPSL format.
    %
    % Rights restricted by copyright.
    % See http://www.ripe.net/ripencc/pub-services/db/copyright.html

    inetnum: 217.32.246.0 - 217.32.247.255
    netname: BT-CORE
    descr: CONTENT DISTRIBUTION NETWORK
    country: GB
    admin-c: BS1474-RIPE
    tech-c: BS1474-RIPE
    status: ASSIGNED PA
    remarks: Please send abuse notification to abuse@bt.net
    mnt-by: BTNET-MNT
    mnt-lower: BTNET-MNT
    mnt-routes: BTNET-MNT
    changed: preston.dialip@bt.com 20000419
    changed: preston.dialip@bt.com 20010628
    changed: preston.dialip@bt.com 20020724
    source: RIPE

    route: 217.32.0.0/12
    descr: BT Public Internet Service
    origin: AS2856
    mnt-by: BTNET-MNT
    changed: support@bt.net 20021204
    source: RIPE

    role: BTnet Support
    address: 154 St Albans Rd
    address: Sandridge
    address: St Albans
    address: Hertfordshire
    address: AL4 9NH
    address: GB
    phone: +44 1189 512313
    e-mail: support@bt.net
    trouble: support@bt.net
    admin-c: FLS15-RIPE
    tech-c: BS1474-RIPE
    nic-hdl: BS1474-RIPE
    remarks: For all queries contact support@bt.net
    mnt-by: BTNET-MNT
    changed: preston.dialip@bt.com 20010613
    changed: support@bt.net 20011112
    changed: preston.dialip@bt.com 20020430
    source: RIPE


    The port 1193 did not give a thing yet.
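
Added example, not part of any post in this thread: a small Python parser for an RPSL WHOIS reply like the one quoted above, which confirms that the address in question falls inside the returned `inetnum` range and pulls out the owner, abuse contact and origin AS. The function names and the trimmed sample text are constructed for this illustration.

```python
import ipaddress
import re

# Constructed sample: a trimmed copy of the RIPE reply quoted in the thread.
SAMPLE_WHOIS = """\
% This is the RIPE Whois server.

inetnum: 217.32.246.0 - 217.32.247.255
netname: BT-CORE
descr: CONTENT DISTRIBUTION NETWORK
country: GB
remarks: Please send abuse notification to abuse@bt.net

route: 217.32.0.0/12
descr: BT Public Internet Service
origin: AS2856
"""

EMAIL = re.compile(r"[\w.+-]+@[\w.-]+\w")

def parse_rpsl(text):
    """Split a WHOIS reply into objects, each a list of (attribute, value) pairs."""
    objects, current = [], []
    for line in text.splitlines() + [""]:   # trailing "" flushes the last object
        if line.startswith("%"):            # server comment line
            continue
        key, sep, value = line.partition(":")
        if sep:
            current.append((key.strip().lower(), value.strip()))
        elif current:                       # blank (or malformed) line ends an object
            objects.append(current)
            current = []
    return objects

def summarize(ip, text):
    """Return registry facts from the objects that actually cover ip."""
    addr, out = ipaddress.ip_address(ip), {}
    for obj in parse_rpsl(text):
        (kind, value), fields = obj[0], dict(obj)
        if kind == "inetnum":
            first, _, last = (p.strip() for p in value.partition("-"))
            if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
                out.update(netname=fields.get("netname"), descr=fields.get("descr"),
                           country=fields.get("country"),
                           abuse=EMAIL.findall(fields.get("remarks", "")))
        elif kind == "route" and addr in ipaddress.ip_network(value, strict=False):
            out["origin"] = fields.get("origin")
    return out
```

Checking range membership matters because a WHOIS server returns the closest registered block, and the summary should only be trusted for addresses that block really covers.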
     
  10. Krusty

    Krusty Registered Member

    Hi Jooske,

    I'll give a phone call now and ask whose IP it might be... +44 1189 512313 :D

    Have a nice weekend!

    *Ari*
     
  11. Krusty

    Krusty Registered Member

    More info on Google about the phone number:
    http://www.spambrigade.com/memberreports/Morpheus/morph184.txt

    *Ari* :D
     