Security Incidents mailing list archives
UDP probing [ trojan? ]
From: mabrown () SECUREPIPE COM (mabrown () SECUREPIPE COM)
Date: Mon, 17 Jan 2000 15:58:45 -0600
Hello all,

We have a client who is experiencing an unusual flurry of UDP packets attempting to leave his network, which we are stopping on the perimeter firewall. These packets occur in storms for approximately a minute, and all originate from the same source port on the (possibly compromised) client machine. There does not appear (without substantially more data and analysis) to be any pattern to the destination addresses (or ports) of these outbound packets.

I have made attempts to locate a description of any similar network activity on the SecurityFocus website, as well as the CERT notifications and the CIAC incident list; however, as yet, I am unable to determine any correlation between the activity on this network and listed trojans/network probes.

I have included a line (with details edited) below to indicate the source port/destination port pairing. Typically, for each flurry of packets, the source port is the same for all destinations. The next flurry (they are usually hours apart) will use a different source port, and another flurry will use yet a third source port.

Jan 10 00:00:00 hostname kernel: Packet log: inpETH0 DENY eth0 PROTO=17 xxx.xxx.xxx.xxx:3357 xxx.xxx.xxx.xxx:4530 L=137 S=0x00 I=59259 F=0x0000 T=128

It concerns me that our client may have a trojaned machine, and I would like to inform him of a solution if there is one.

I have done a reverse lookup on some of the hosts to which these packets are destined, and have included that information below (for hosts which resolved). Please note that this is in no way a statement of wrongdoing on the part of these networks. I include the below IPs and reverse lookups merely for informational purposes, and also perhaps to jog others' minds, in case this is familiar.

In short, has anybody seen this kind of probe recently?

Thank you in advance for your time,

-Martin

--
Martin A. Brown --- SecurePipe Communications --- mabrown () securepipe com
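One way to look for the pattern described in the post above (short bursts of denied outbound UDP from a single source port to many unrelated destinations) in ipchains "Packet log" lines. This is an added example, not part of the original post; the addresses, the hostname `fw`, the year and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# ipchains log line: chain, action, interface, IP protocol number,
# src:port, dst:port, then the L= S= I= F= T= fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+kernel:\s+Packet log:\s+"
    r"(?P<chain>\S+)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s"
)

def parse_line(line, year=2000):
    """Return a dict for one ipchains log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # syslog timestamps carry no year; the caller supplies it (assumption).
    stamp = " ".join(rec["ts"].split())
    rec["time"] = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def find_flurries(lines, max_gap=timedelta(seconds=60), min_dests=5):
    """Group denied UDP packets by (source IP, source port), split each group
    into bursts separated by more than max_gap, and report bursts that reach
    at least min_dests distinct destination address/port pairs."""
    by_source = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "DENY" and rec["proto"] == 17:
            by_source[(rec["src"], rec["sport"])].append(rec)
    flurries = []
    for (src, sport), recs in by_source.items():
        recs.sort(key=lambda r: r["time"])
        burst = [recs[0]]
        for rec in recs[1:] + [None]:          # None flushes the last burst
            if rec is not None and rec["time"] - burst[-1]["time"] <= max_gap:
                burst.append(rec)
                continue
            dests = {(r["dst"], r["dport"]) for r in burst}
            if len(dests) >= min_dests:
                flurries.append({"src": src, "sport": sport,
                                 "start": burst[0]["time"], "end": burst[-1]["time"],
                                 "packets": len(burst), "destinations": len(dests)})
            burst = [rec]
    return sorted(flurries, key=lambda f: f["start"])

def make_line(ts, src, sport, dst, dport, proto=17, action="DENY"):
    """Build a constructed log line in the format quoted in the post."""
    return (f"Jan 10 {ts} fw kernel: Packet log: inpETH0 {action} eth0 PROTO={proto} "
            f"{src}:{sport} {dst}:{dport} L=137 S=0x00 I=59259 F=0x0000 T=128")

# Constructed sample data (documentation address ranges), not taken from the post.
SAMPLE = (
    # Flurry 1: one source port, six unrelated destinations inside a minute.
    [make_line(f"00:00:{i * 8:02d}", "192.0.2.10", 3357,
               f"198.51.100.{10 + i}", 4530 + i * 101) for i in range(6)]
    # Flurry 2: hours later, a different source port, five destinations.
    + [make_line(f"04:12:{i * 9:02d}", "192.0.2.10", 3402,
                 f"203.0.113.{20 + i}", 2000 + i * 77) for i in range(5)]
    # Noise: a lone denied DNS query, a TCP packet, and a later reuse of
    # port 3357 toward only two hosts (below the destination threshold).
    + [make_line("00:00:05", "192.0.2.20", 1025, "198.51.100.53", 53),
       make_line("00:00:06", "192.0.2.10", 3357, "198.51.100.99", 80, proto=6),
       make_line("09:00:00", "192.0.2.10", 3357, "203.0.113.1", 9000),
       make_line("09:00:10", "192.0.2.10", 3357, "203.0.113.2", 9001)]
)

if __name__ == "__main__":
    for f in find_flurries(SAMPLE):
        print(f"{f['start']}  {f['src']}:{f['sport']}  "
              f"{f['packets']} packets to {f['destinations']} destinations")
```
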