any 1 no wot this is ? plz

217.32.247.131 CONTENT DISTRIBUTION NETWORK
as it seems to have a constant connection 2 my comp ?on port 1193 is it spy ware or sumthin?plz help .
thanks

 

Hi Kate

There is a server identifies itself as Footprint V.2.05, located in GB. You take a look yourself :
http://www.dnsstuff.com/


*Ari*

 

Steve Gibson´s ID Serve got this information:

Initiating server query ...
Looking up the domain name for IP: 217.32.247.131
(The domain name for the specified IP address could not be found.)
Connecting to the server on standard HTTP port: 80
[Connected] Requesting the server's default page.
The server returned the following response headers:
HTTP/1.1 404 Not Found
Date: Fri, 03 Jan 2003 18:41:40 GMT
Content-Length: 163
Content-Type: text/html
Server: Footprint V2.05
Connection: close
Query complete.

So, this might not be your own ISP I guess.....Do you consider any good firewall, like ZoneAlarm ?

regards *Ari*

 

Looks like British Telecom, but I can´t find any known applications using that port

Could you download HijackThis and post the log it creates.
Or, if you´re not comfortable with posting it, mail or IM it to me.

Regards,

Pieter

 

Yeah...
Google gave me no clues either.......a trojan ?

 

Not according to the site I use for that: http://www.simovits.com/nyheter9902.html

Regards,

Pieter

 

Oh yeah Pieter, seems familiar for me
But how about a new unlisted trojan ?

 

Could be, Krusty. Or spyware?
I guess we´ll have to wait for the log.

Regards,

Pieter

 

The WHOIS (in Port Explorer) gave me this
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 217.32.246.0 - 217.32.247.255
netname: BT-CORE
descr: CONTENT DISTRIBUTION NETWORK
country: GB
admin-c: BS1474-RIPE
tech-c: BS1474-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to abuse@bt.net
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
changed: preston.dialip@bt.com 20000419
changed: preston.dialip@bt.com 20010628
changed: preston.dialip@bt.com 20020724
source: RIPE

route: 217.32.0.0/12
descr: BT Public Internet Service
origin: AS2856
mnt-by: BTNET-MNT
changed: support@bt.net 20021204
source: RIPE

role: BTnet Support
address: 154 St Albans Rd
address: Sandridge
address: St Albans
address: Hertfordshire
address: AL4 9NH
address: GB
phone: +44 1189 512313
e-mail: support@bt.net
trouble: support@bt.net
admin-c: FLS15-RIPE
tech-c: BS1474-RIPE
nic-hdl: BS1474-RIPE
remarks: For all queries contact support@bt.net
mnt-by: BTNET-MNT
changed: preston.dialip@bt.com 20010613
changed: support@bt.net 20011112
changed: preston.dialip@bt.com 20020430
source: RIPE


The port 1193 did not give a thing yet.

 

Hi Jooske,

I give a phone call now and ask who´s ip might be... +44 1189 512313

Have a nice weekend !

*Ari*

 

More info on Google about the phone number:
http://www.spambrigade.com/memberreports/Morpheus/morph184.txt

*Ari*