Security Basics mailing list archives

RE: suspicious traffic


From: Murad Talukdar <talukdar_m () subway com>
Date: Mon, 13 Mar 2006 09:06:09 +1000

According to dnsstuff (www.dnsstuff.com)


WHOIS results for 68.142.78.50
Generated by www.DNSstuff.com

Location: United States [City: Tempe, Arizona]

[E-mail addresses turned back OFF for technical reasons; if you have an
'anonymizing' program or odd firewall, it could cause this]

Looking up 68.142.78.50 at whois.arin.net.

NOTE: More information appears to be available at LNAA-ARIN.

Using 30+ day old  [STALE - being deleted now] cached answer (or, you can
get fresh results).
Hiding E-mail address (you can get results with the E-mail address).


OrgName:    Limelight Networks, LLC 
OrgID:      LLNW
Address:    2220 W. 14th Street
City:       Tempe
StateProv:  AZ
PostalCode: 85281
Country:    US

ReferralServer: rwhois://rwhois.llnw.net:4321/

NetRange:   68.142.64.0 - 68.142.127.255 
CIDR:       68.142.64.0/18 
NetName:    LLNW-2
NetHandle:  NET-68-142-64-0-1
Parent:     NET-68-0-0-0-0
NetType:    Direct Allocation
NameServer: DNS.LAX.LLNS.NET
NameServer: DNS.LGA.LLNS.NET
NameServer: DNS.SJC.LLNS.NET
NameServer: DNS.IAD.LLNS.NET
Comment:    
RegDate:    2004-03-17
Updated:    2004-11-04

OrgAbuseHandle: LNAD-ARIN
OrgAbuseName:   Limelight Networks Abuse Dept 
OrgAbusePhone:  +1-602-850-5095
OrgAbuseEmail:  *******@limelightnetworks.com

OrgTechHandle: LNAA-ARIN
OrgTechName:   Limelight Networks ARIN Admin 
OrgTechPhone:  +1-602-850-5095
OrgTechEmail:  *********@limelightnetworks.com

# ARIN WHOIS database, last updated 2005-10-16 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.




So check out their website;
http://www.limelightnetworks.com/

And see what you can discern from there, Mr Anderson.

Regards
Murad Talukdar

-----Original Message-----
From: neo anderson [mailto:amol.netsec () gmail com] 
Sent: Friday, March 10, 2006 4:55 PM
To: security-basics () securityfocus com
Subject: suspicious traffic

I just had firefox 1.5 running in foreground when I got these squid
logs, every second:

1141900741.814   1129 172.168.1.112 TCP_MISS/200 204 POST http://on24.fcod.llnwd.net/idle/2017222912/7535 - DIRECT/68.142.78.50 application/x-fcs
1141900742.644   1151 172.168.1.112 TCP_MISS/200 204 POST http://on24.fcod.llnwd.net/idle/-1173901264/9484 - DIRECT/68.142.78.50 application/x-fcs


Is it a matter of concern?
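
Added example, not part of either message in this thread: a way to triage Squid lines like the ones quoted above by parsing the native access.log format, grouping requests per client, destination host and method, and checking whether the peer address falls inside the CIDR from the WHOIS reply. The names parse_line, in_range, summarize and SAMPLE_LOG are hypothetical, and the third sample line is constructed for contrast.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# First two lines are the entries quoted in the post; the third is constructed.
SAMPLE_LOG = """\
1141900741.814   1129 172.168.1.112 TCP_MISS/200 204 POST http://on24.fcod.llnwd.net/idle/2017222912/7535 - DIRECT/68.142.78.50 application/x-fcs
1141900742.644   1151 172.168.1.112 TCP_MISS/200 204 POST http://on24.fcod.llnwd.net/idle/-1173901264/9484 - DIRECT/68.142.78.50 application/x-fcs
1141900750.000    210 172.168.1.112 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
"""
WHOIS_CIDR = ipaddress.ip_network("68.142.64.0/18")  # CIDR from the WHOIS reply

def parse_line(line):
    """Split one Squid native-format access.log line into named fields."""
    f = line.split()
    if len(f) < 10:
        return None  # truncated or mail-wrapped line
    result, _, status = f[3].partition("/")
    _, _, peer = f[8].partition("/")
    return {"ts": float(f[0]), "elapsed_ms": int(f[1]), "client": f[2],
            "result": result, "status": int(status), "bytes": int(f[4]),
            "method": f[5], "host": urlsplit(f[6]).hostname,
            "peer": peer, "mime": f[9]}

def in_range(peer):
    try:
        return ipaddress.ip_address(peer) in WHOIS_CIDR
    except ValueError:  # "-" on cache hits, or a hostname instead of an IP
        return False

def summarize(log_text):
    """Per (client, host, method): request count, mean gap, MIME types, owner match."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            groups[(rec["client"], rec["host"], rec["method"])].append(rec)
    report = {}
    for key, recs in groups.items():
        times = sorted(r["ts"] for r in recs)
        gaps = [b - a for a, b in zip(times, times[1:])]
        report[key] = {
            "count": len(recs),
            "mean_gap_s": round(sum(gaps) / len(gaps), 3) if gaps else None,
            "mime": sorted({r["mime"] for r in recs}),
            "in_whois_range": all(in_range(r["peer"]) for r in recs),
        }
    return report

if __name__ == "__main__": print(summarize(SAMPLE_LOG))
```

Run against a full access.log, a group with a high count, a small steady gap and a single MIME type points to one application polling one service, which narrows down which program on the client to look at.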


