Message-ID: <1065081075.19143.52.camel@localhost>
From: dan at losangelescomputerhelp.com (Daniel H. Renner)
Subject: MSN appears to be being a bit snoopy via a Hotmail server...
We are running a Linux floppyfw on the outside, splitting into an
unrestricted work space, and a stronger firewall to protect the office
side of things.
A computer was being set up that is running MSN software, and during its
1 day on the benches, our good firewall recorded the following hits from
the below noted site, all of which were aimed * directly * at the IP
address of the internal firewall's NIC (represented by "xxx.xxx.xxx.xxx"
below) climbing over the floppyfw to do so...

Time     Chain Iface Proto Source      Src Port Destination     Dst Port
11:34:12 INPUT eth2  UDP   64.4.12.201 7001     xxx.xxx.xxx.xxx 1075
11:34:13 INPUT eth2  UDP   64.4.12.201 7001     xxx.xxx.xxx.xxx 1075
11:34:14 INPUT eth2  UDP   64.4.12.201 7001     xxx.xxx.xxx.xxx 1075
11:34:15 INPUT eth2  UDP   64.4.12.201 7001     xxx.xxx.xxx.xxx 1075
14:31:43 INPUT eth2  UDP   64.4.12.201 7001     xxx.xxx.xxx.xxx 1075
14:31:43 INPUT eth2  UDP   64.4.12.201 7001     xxx.xxx.xxx.xxx 1075
14:31:44 INPUT eth2  UDP   64.4.12.201 7001     xxx.xxx.xxx.xxx 1075
14:31:45 INPUT eth2  UDP   64.4.12.201 7001     xxx.xxx.xxx.xxx 1075

Trying whois -h whois.arin.net 64.4.12.201
OrgName: MS Hotmail
OrgID: MSHOTM
Address: 1065 La Avenida
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
NetRange: 64.4.0.0 - 64.4.63.255
CIDR: 64.4.0.0/18
NetName: HOTMAIL
NetHandle: NET-64-4-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.HOTMAIL.COM
NameServer: NS3.HOTMAIL.COM
NameServer: NS2.HOTMAIL.COM
NameServer: NS4.HOTMAIL.COM
Comment:
RegDate: 1999-11-24
Updated: 2003-06-27
TechHandle: MSFTP-ARIN
TechName: MSFT-POC
TechPhone: +1-425-882-8080
TechEmail: iprrms@...rosoft.com
OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@...rosoft.com
And from our internal firewall's proxy logs, no one here was logged into
Hotmail or MSN servers during these times...
The above mentioned computer's time in our shop is the only thing I can
relate this traffic to, as no one is allowed to run MSN software on any
of our Linux workstations...
;-)
--
Cheers,
Dan Renner
President
Los Angeles Computerhelp
818-352-8700
http://losangelescomputerhelp.com
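
Added example, not part of the original post: a short Python triage script that parses the firewall rows quoted in the message, groups them into bursts per UDP flow, and checks the source against the CIDR from the whois output. The 60-second burst gap and all function names are assumptions of this example, and it assumes the rows are time-ordered within one day.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Rows copied from the post; the destination stays redacted as posted.
LOG = """\
11:34:12 INPUT eth2 UDP 64.4.12.201 7001 xxx.xxx.xxx.xxx 1075
11:34:13 INPUT eth2 UDP 64.4.12.201 7001 xxx.xxx.xxx.xxx 1075
11:34:14 INPUT eth2 UDP 64.4.12.201 7001 xxx.xxx.xxx.xxx 1075
11:34:15 INPUT eth2 UDP 64.4.12.201 7001 xxx.xxx.xxx.xxx 1075
14:31:43 INPUT eth2 UDP 64.4.12.201 7001 xxx.xxx.xxx.xxx 1075
14:31:43 INPUT eth2 UDP 64.4.12.201 7001 xxx.xxx.xxx.xxx 1075
14:31:44 INPUT eth2 UDP 64.4.12.201 7001 xxx.xxx.xxx.xxx 1075
14:31:45 INPUT eth2 UDP 64.4.12.201 7001 xxx.xxx.xxx.xxx 1075
"""
HOTMAIL_NET = ipaddress.ip_network("64.4.0.0/18")  # CIDR from the whois output
BURST_GAP = timedelta(seconds=60)  # assumption: a longer silence starts a new burst

def parse(log):
    """Yield (time, flow) per row; rows without exactly 8 fields are skipped."""
    for line in log.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        when = datetime.strptime(f[0], "%H:%M:%S")
        # flow = (proto, source, source port, destination, destination port)
        yield when, (f[3], f[4], int(f[5]), f[6], int(f[7]))

def bursts(log):
    """Map each flow to a list of bursts, each burst a list of timestamps."""
    flows = defaultdict(list)
    for when, flow in parse(log):
        groups = flows[flow]
        if groups and when - groups[-1][-1] <= BURST_GAP:
            groups[-1].append(when)
        else:
            groups.append([when])
    return flows

def summarize(log=LOG):
    """Return (src, sport, dport, in_hotmail_net, first, last, count) per burst."""
    out = []
    for (proto, src, sport, dst, dport), groups in bursts(log).items():
        in_net = ipaddress.ip_address(src) in HOTMAIL_NET
        for g in groups:
            out.append((src, sport, dport, in_net,
                        g[0].strftime("%H:%M:%S"), g[-1].strftime("%H:%M:%S"), len(g)))
    return out

if __name__ == "__main__":
    for row in summarize():
        print(row)
```
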