Wednesday, May 12, 2010
DNS server
ok, just got home, thought i'd look at the monitor.
nothing much going on, except i see two reciprocated queries to an address i recognize as something that comes up often as a comcast address - both packets were DNS packets, which as i take it are a type of UDP packet, or maybe not. anyways, i guessed that the address must be a DNS server. since i usually am not using the web browser when i look at the monitor, i wouldn't have noticed this before.
so, i google it and sure enough, 68.87.71.230 is the primary comcast DNS server for massachusetts.
now, one of the queries was for the institute FTP server, which i used to get a file. the other was for tools.google.com, which i do not like, because i did not know google was running something in the background on my computer. the address was then contacted and some packets were traded, a couple were HTTP messages saying "update". i'm going to find out what it is, and kill it. (could be Chrome which i have installed but don't use. i don't have any google plugins or anything for firefox. Chrome must go.)
China 222
maybe a better name for this log should be "what random thing did i see today".
1. it's hard to type in a wrist brace. that fits with "what did i learn today", so..
2. saw four packets from China, from address 222.45.112.59. they soaked into 4 ports which i lost because i restarted the monitor - got distracted at the wrong time, lost good information... i did scan the address and found that it may be a server - google indicates it could be a proxy server: open ports on 1026 and 3389. note comments here and especially here. apparently multiple Chinese IPs starting with 222 are pushing scans all over the place, irritating lots of people.
Sunday, May 09, 2010
not much 2
ok, this is interesting. another packet from ircu.krypt.com. the host at that address has just about all of its ports open. i haven't seen that before. is this some sort of lure?
*edit*
not a lure - i think it's an open proxy. all those open ports are so that other hosts can use it as a proxy for whatever service they want. i can't find any resource that actually confirms this (and i think that having all ports open doesn't necessarily mean it's an open proxy), but i think that's what it is.
always something new to learn...