[nsp-sec] A bit interested in a specific IP address
Ross, Jason
Jason.Ross at GlobalCrossing.com
Thu May 8 16:19:42 EDT 2008
-----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of Dario Ciccarone (dciccaro)
> Sent: Thursday, May 08, 2008 3:12 PM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] A bit interested in a specific IP address
>
> ----------- nsp-security Confidential --------
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Folks:
>
> Hi there. We here at PSIRT are a bit interested in some
> traffic we've seen coming out from 61.135.164.84
<snip>
> Also if anyone happens to see anything interesting (in any
> sense, in the BROAD sense) coming out of it, we would very much
> appreciate to hear from it :)

I can't see a whole lot coming from it here, but I do see bunches of
UDP/53 (and a bit of ICMP) going to it.

Most of this was single packets, but there were a couple exceptions:

SRC IP           # of Packets
-----------------------------
80.64.206.100    2505
87.118.58.24     2508
195.176.0.145    2517

The first and third appear to be potentially valid nameservers:

80.64.206.100 PTR ns0.cognita.no.
195.176.0.145 PTR ns1.mandint.org.

$ host -tNS cognita.no.
cognita.no name server ns1.cognita.no.
cognita.no name server ns0.cognita.no.

$ host -tNS mandint.org
mandint.org name server ns0.mandint.org.
mandint.org name server ns1.mandint.org.
mandint.org name server ns2.massive.ch.

The only other thing that jumped out at me really was this:

Proto    : icmp
Src IP   : 208.49.23.11
Src Port : (3) Unreachable
Dst IP   : 61.135.164.84
Dst Port : (10) Host Prohib

--
Jason