Re: Port 1443

[john_smith () rd qms com]

     Hello All,
     
        One source I've used to try to track down those hard to find IP 
     addresses is:
     
     http://ipindex.dragonstar.net/
     
        Can be a good starting point.
     
        According to that site the 207.112.128.0 - 207.112.255.0 block is 
     allocated to NAP.NET, LLC (netblk-cnap-nn03).
     
        Have a good day (or night:).
     
     John Smith
     QMS, Inc.


______________________________ Reply Separator _________________________________
Subject: Port 1443
Author:  "Justin Clift" <vapour () digitaldistribution com> at Internet-Mail
Date:    10/9/98 3:44 PM


Hiyas,
     
One of our users is running ConSEAL PC Firewall on her PC.  She has a 
dial-up modem connection, on a standalone PC.
     
As of yesterday, it is reporting outgoing TCP connection attempts to 
207.112.156.42 on Port 1443, but the source port on her PC is incrementing 
by one on every failed attempt.  There is a new attempt around every 10 to 
20 seconds, whilst she is online only though.
     
I am unable to resolve who that IP belongs to, and I'm wondering if anyone 
knows if this may be a trojan or something as simple as registration 
confirmation.
     
Does anyone know of a way on Win95 to find out which process/application is 
initiating these connection attempts?
     
I haven't gone to the stage of removing the machine, and then spoofing the 
target IP on a standalone dial-in system to find out what it does when it 
connects just yet....
     
+ Justin Clift
Digital Distribution
www.digitaldistribution.com