Snort mailing list archives
openaanval calling home
From: "BM HM" <bm0714 () hotmail com>
Date: Mon, 19 Apr 2004 18:49:39 -0500
I was just watching some tcpdump traffic and noticed my Snort box making an outbound connection to 217.160.255.191.
Looking up the IP, I found that it is the website for openaanval, 'www.aanval.com'. It appears that exactly every 30 minutes, I mean EXACTLY, it makes a short HTTP connection to the aanval website.
I looked through the PHP code and I think it is simply checking for version information, but I am not experienced enough to know for real. Is this something I should be concerned about?
Could they be piggy-backing data maybe? What would they want to collect anyway?
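The fixed 30-minute timing described in the post above can be confirmed from a capture rather than by eye. The following is an added example, not part of the original post and not openaanval's code: it groups outbound SYNs by destination and reports those contacted at a near-constant interval. The sample lines are constructed; 10.0.0.5 and 192.0.2.10 are hypothetical addresses, and `find_beacons` and its thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample, shaped like `tcpdump -n -tttt` output. 10.0.0.5 stands in
# for the sensor; 217.160.255.191 is the destination named in the post;
# 192.0.2.10 is hypothetical ordinary traffic at irregular times.
SAMPLE = """\
2004-04-19 16:00:00.102311 IP 10.0.0.5.32771 > 217.160.255.191.80: S 1:1(0) win 5840
2004-04-19 16:00:00.310020 IP 10.0.0.5.32771 > 217.160.255.191.80: . ack 1 win 5840
2004-04-19 16:03:10.500112 IP 10.0.0.5.32772 > 192.0.2.10.443: S 7:7(0) win 5840
2004-04-19 16:30:00.098754 IP 10.0.0.5.32780 > 217.160.255.191.80: S 1:1(0) win 5840
2004-04-19 16:41:55.220981 IP 10.0.0.5.32781 > 192.0.2.10.443: S 7:7(0) win 5840
2004-04-19 17:00:00.101045 IP 10.0.0.5.32790 > 217.160.255.191.80: S 1:1(0) win 5840
2004-04-19 17:02:20.774310 IP 10.0.0.5.32791 > 192.0.2.10.443: S 7:7(0) win 5840
2004-04-19 17:30:00.099870 IP 10.0.0.5.32800 > 217.160.255.191.80: S 1:1(0) win 5840
2004-04-19 18:00:00.100392 IP 10.0.0.5.32810 > 217.160.255.191.80: S 1:1(0) win 5840
2004-04-19 18:15:47.031277 IP 10.0.0.5.32811 > 192.0.2.10.443: S 7:7(0) win 5840
"""

# Timestamp (to the second), source host, destination host, destination port.
# Only connection attempts (flag "S") are counted, one per new connection.
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ IP (\S+)\.\d+ > (\S+)\.(\d+): S ")

def find_beacons(text, min_events=4, max_jitter=5.0):
    """Return {(dst, port): mean interval in seconds} for destinations that
    were contacted at least min_events times with a near-constant gap."""
    seen = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            seen[(m.group(3), int(m.group(4)))].append(ts)
    beacons = {}
    for key, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Low standard deviation of the gaps means timer-driven traffic.
        if len(times) >= min_events and pstdev(gaps) <= max_jitter:
            beacons[key] = round(mean(gaps))
    return beacons

if __name__ == "__main__":
    for (dst, port), interval in find_beacons(SAMPLE).items():
        print(f"{dst}:{port} contacted every ~{interval}s")
```

Timing only shows that the connection is scheduled; what each request carries has to be read from the request itself, for example from a full-payload capture of one of the flagged connections.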