Firewall Wizards mailing list archives

RE: Traffic identification


From: "Bill Royds" <broyds () rogers com>
Date: Wed, 18 Dec 2002 17:06:09 -0500

The source IP belongs to the Virginia Dept. of Education, so I would guess that it is a high school student playing with some toys.

Does North Carolina have a rivalry with Virginia?

F:\>dig -x 141.104.10.222

104.141.in-addr.arpa.   2h56m32s IN SOA  hp01.vak12ed.edu. hostmaster.hp01.vak12ed.edu. (
                                        2002112600      ; serial
                                        3H              ; refresh
                                        1H              ; retry
                                        1W              ; expiry
                                        1D )            ; minimum



F:\>whois -h whois.educause.net vak12ed.edu
[whois.educause.net]

Domain Name: VAK12ED.EDU

Registrant:
   Virginia Department of Education
   101 N. 14th Street, 22nd Floor
   Richmond, VA 23219
   UNITED STATES

Contacts:

   Administrative Contact:
   W. C. Epperson
   Virginia Department of Education
   101 N. 14th Street, 22nd Floor
   Richmond, VA 23219
   UNITED STATES
   (804) 371-7525
   epperson () vak12ed edu


   Technical Contact:
   W. C. Epperson
   Virginia Department of Education
   101 N. 14th Street, 22nd Floor
   Richmond, VA 23219
   UNITED STATES
   (804) 371-7525
   epperson () vak12ed edu


Name Servers:
   HP01.VAK12ED.EDU     141.104.150.251
   UVAARPA.VIRGINIA.EDU 128.143.2.7

Domain record activated:    06-Jul-1990
Domain record last updated: 21-Dec-2001

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of W.C. Epperson
Sent: Wed December 18 2002 12:16
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Traffic identification


This is a dial-up user on my network trying to get to something I can't identify at an address I can't find out much about.  Does anyone recognize the traffic?  Or have suggestions on researching this sort of thing?  My old ways of searching on port number, etc., turn up so much noise I can't sift through it.

Dec 18 08:23:56 denied udp 141.104.10.222(9370) -> 207.114.130.6(375)
Dec 18 08:24:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(373)
Dec 18 08:25:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(371)
Dec 18 08:26:03 denied tcp 141.104.10.222(3030) -> 207.114.130.7(483)
Dec 18 08:26:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(376)
Dec 18 08:27:10 denied tcp 141.104.10.222(3033) -> 207.114.130.7(481)
Dec 18 08:28:03 denied udp 141.104.10.222(9370) -> 207.114.130.7(370)
Dec 18 08:29:03 denied udp 141.104.10.222(9370) -> 207.114.130.7(372)
Dec 18 08:29:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(373)
Dec 18 08:30:15 denied tcp 141.104.10.222(3044) -> 207.114.130.7(482)
Dec 18 08:31:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(376)
Dec 18 08:32:03 denied udp 141.104.10.222(9370) -> 207.114.130.7(375)
Dec 18 08:32:56 denied tcp 141.104.10.222(3033) -> 207.114.130.7(481)
Dec 18 08:33:16 denied tcp 141.104.10.222(3052) -> 207.114.130.6(485)
Dec 18 08:33:46 denied tcp 141.104.10.222(3053) -> 207.114.130.7(485)
Dec 18 08:33:56 denied tcp 141.104.10.222(3036) -> 207.114.130.7(486)
Dec 18 08:34:02 denied udp 141.104.10.222(9370) -> 207.114.130.6(370)
Dec 18 08:34:56 denied udp 141.104.10.222(9370) -> 207.114.130.6(375)
Dec 18 08:35:09 denied tcp 141.104.10.222(3054) -> 207.114.130.7(480)
Dec 18 08:35:39 denied tcp 141.104.10.222(3055) -> 207.114.130.6(480)
Dec 18 08:35:56 denied tcp 141.104.10.222(3044) -> 207.114.130.7(482)
Dec 18 08:37:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(375)
Dec 18 08:38:56 denied tcp 141.104.10.222(3052) -> 207.114.130.6(485)
Dec 18 08:39:56 denied udp 141.104.10.222(9370) -> 207.114.130.6(370)
Dec 18 08:40:56 denied tcp 141.104.10.222(3055) -> 207.114.130.6(480)


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
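
As an added example, not part of either message above: one way to get past the noise in a deny log like the one quoted is to group it by source and protocol and to measure how often an identical flow is denied again. The regular expression assumes the field layout seen in those log lines, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the denied-traffic log quoted in the message above.
SAMPLE = """\
Dec 18 08:23:56 denied udp 141.104.10.222(9370) -> 207.114.130.6(375)
Dec 18 08:24:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(373)
Dec 18 08:26:03 denied tcp 141.104.10.222(3030) -> 207.114.130.7(483)
Dec 18 08:27:10 denied tcp 141.104.10.222(3033) -> 207.114.130.7(481)
Dec 18 08:29:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(373)
Dec 18 08:32:56 denied tcp 141.104.10.222(3033) -> 207.114.130.7(481)
Dec 18 08:33:16 denied tcp 141.104.10.222(3052) -> 207.114.130.6(485)
Dec 18 08:38:56 denied tcp 141.104.10.222(3052) -> 207.114.130.6(485)
"""

# Assumed layout (from those lines): date time action proto src(sport) -> dst(dport)
LINE = re.compile(r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s+denied\s+(tcp|udp)\s+"
                  r"([\d.]+)\((\d+)\)\s+->\s+([\d.]+)\((\d+)\)$")

def parse(text):
    """Yield (seconds_of_day, proto, src, sport, dst, dport) for each log line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            h, mi, s, proto, src, sport, dst, dport = m.groups()
            yield (int(h) * 3600 + int(mi) * 60 + int(s),
                   proto, src, int(sport), dst, int(dport))

def summarize(text):
    """Group by (source, protocol): hit count, source ports, targets, dest ports."""
    groups = defaultdict(lambda: {"count": 0, "sports": set(),
                                  "dsts": set(), "dports": set()})
    for _, proto, src, sport, dst, dport in parse(text):
        g = groups[(src, proto)]
        g["count"] += 1
        g["sports"].add(sport)
        g["dsts"].add(dst)
        g["dports"].add(dport)
    return dict(groups)

def repeat_gaps(text):
    """Seconds between denials of an identical flow (same ports on both ends)."""
    last, gaps = {}, defaultdict(list)
    for t, *flow in parse(text):
        key = tuple(flow)
        if key in last:
            gaps[key].append(t - last[key])
        last[key] = t
    return dict(gaps)
```

Calling `summarize(SAMPLE)` shows the single fixed UDP source port against the changing TCP source ports, and `repeat_gaps(SAMPLE)` gives the interval at which the same flow was denied again.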
