Security Basics mailing list archives
RE: suspicious traffic
From: Murad Talukdar <talukdar_m () subway com>
Date: Mon, 13 Mar 2006 09:06:09 +1000
According to dnsstuff (www.dnsstuff.com)

WHOIS results for 68.142.78.50
Generated by www.DNSstuff.com

Location: United States [City: Tempe, Arizona]

[E-mail addresses turned back OFF for technical reasons; if you have an 'anonymizing' program or odd firewall, it could cause this]

Looking up 68.142.78.50 at whois.arin.net.

NOTE: More information appears to be available at LNAA-ARIN.

Using 30+ day old [STALE - being deleted now] cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).

OrgName: Limelight Networks, LLC
OrgID: LLNW
Address: 2220 W. 14th Street
City: Tempe
StateProv: AZ
PostalCode: 85281
Country: US

ReferralServer: rwhois://rwhois.llnw.net:4321/

NetRange: 68.142.64.0 - 68.142.127.255
CIDR: 68.142.64.0/18
NetName: LLNW-2
NetHandle: NET-68-142-64-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: DNS.LAX.LLNS.NET
NameServer: DNS.LGA.LLNS.NET
NameServer: DNS.SJC.LLNS.NET
NameServer: DNS.IAD.LLNS.NET
Comment:
RegDate: 2004-03-17
Updated: 2004-11-04

OrgAbuseHandle: LNAD-ARIN
OrgAbuseName: Limelight Networks Abuse Dept
OrgAbusePhone: +1-602-850-5095
OrgAbuseEmail: *******@limelightnetworks.com

OrgTechHandle: LNAA-ARIN
OrgTechName: Limelight Networks ARIN Admin
OrgTechPhone: +1-602-850-5095
OrgTechEmail: *********@limelightnetworks.com

# ARIN WHOIS database, last updated 2005-10-16 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

When the server was last reloaded, we had 226949 IP addresses banned. We encourage you to view these pages in a browser or widget/extension. You are not allowed to use automated programs to access this information, or you may be fined.

(C) Copyright 2000-2006 DNSstuff.com

So check out their website; http://www.limelightnetworks.com/
And see what you can discern from there, Mr Anderson.
Regards
Murad Talukdar

-----Original Message-----
From: neo anderson [mailto:amol.netsec () gmail com]
Sent: Friday, March 10, 2006 4:55 PM
To: security-basics () securityfocus com
Subject: suspicious traffic

I just had Firefox 1.5 running in the foreground when I got these squid logs, every second:

1141900741.814 1129 172.168.1.112 TCP_MISS/200 204 POST http://on24.fcod.llnwd.net/idle/2017222912/7535 - DIRECT/68.142.78.50 application/x-fcs
1141900742.644 1151 172.168.1.112 TCP_MISS/200 204 POST http://on24.fcod.llnwd.net/idle/-1173901264/9484 - DIRECT/68.142.78.50 application/x-fcs

Is it a matter of concern?
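A triage aid for the log lines in this thread, added here as an example and not part of either post: it parses Squid native-format access.log entries, groups them by client, method and destination host, and reports how regularly each group recurs and which peer IP and content type it used, so the destination can then be looked up as in the reply above. The function names and the min_hits and max_jitter thresholds are assumptions; the first two sample lines are the ones quoted in the post and the other three are constructed.

```python
import statistics
from collections import defaultdict
from urllib.parse import urlsplit

# First two lines are quoted in the post; the other three are constructed.
SAMPLE = """\
1141900741.814 1129 172.168.1.112 TCP_MISS/200 204 POST http://on24.fcod.llnwd.net/idle/2017222912/7535 - DIRECT/68.142.78.50 application/x-fcs
1141900742.644 1151 172.168.1.112 TCP_MISS/200 204 POST http://on24.fcod.llnwd.net/idle/-1173901264/9484 - DIRECT/68.142.78.50 application/x-fcs
1141900743.700 1140 172.168.1.112 TCP_MISS/200 204 POST http://on24.fcod.llnwd.net/idle/55512345/1021 - DIRECT/68.142.78.50 application/x-fcs
1141900744.100 310 172.168.1.113 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1141900744.690 1133 172.168.1.112 TCP_MISS/200 204 POST http://on24.fcod.llnwd.net/idle/-88123456/3377 - DIRECT/68.142.78.50 application/x-fcs
"""

def parse_line(line):
    """Split one Squid native-format access.log line into a dict, or None."""
    f = line.split()
    if len(f) < 10:
        return None
    peer = f[8].split("/", 1)  # hierarchy code / peer address
    return {
        "ts": float(f[0]), "client": f[2], "status": f[3], "bytes": int(f[4]),
        "method": f[5], "mime": f[9],
        "host": urlsplit(f[6]).hostname or f[6].split(":")[0],  # CONNECT logs host:port
        "peer_ip": peer[1] if len(peer) == 2 else "-",
    }

def summarize(log_text, min_hits=3, max_jitter=0.5):
    """Group by (client, method, host) and flag groups that recur at a steady pace."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            groups[(rec["client"], rec["method"], rec["host"])].append(rec)
    report = {}
    for key, recs in groups.items():
        ts = sorted(r["ts"] for r in recs)
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        jitter = statistics.pstdev(gaps) if gaps else None  # spread of the gaps, seconds
        report[key] = {
            "hits": len(recs), "mean_gap": statistics.mean(gaps) if gaps else None,
            "peer_ips": sorted({r["peer_ip"] for r in recs}),
            "mime": sorted({r["mime"] for r in recs}),
            "periodic": len(recs) >= min_hits and jitter is not None and jitter <= max_jitter,
        }
    return report

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info)
```

A group flagged as periodic only says the requests recur on a steady clock; what the traffic is still has to be established from the destination and content type.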