This appears to be a normal web browsing session. Note that the source
port is 80 and labeled [World Wide Web HTTP]. The destination ports are
somewhat sequential, and in the typical range of client ports that many
OSes use for making outbound connections. Also note that the source IP
is the IP of www.terraserver.com. Unless I'm missing something, what you
are seeing is the inbound traffic generated by loading
www.terraserver.com in a web browser.

On Sat, 30 Jun 2001, William Knowles wrote:

> Below is the cliff-notes of about 46 alerts to the personal firewall
> on my laptop, this is the first time in a while I've seen someone try to
> shoot trinoo to my machine. I thought I should share this information
> with the rest of the list, and see if anyone else is noticing this
> pattern.
>
> Cheers!
>
> William Knowles
> wkat_private
>
>
> Sat Jun 30 07:50:38 AM tcp 64.244.210.34 -> 166.90.214.151
> 80 [World Wide Web HTTP] -> 1458 [Nichols Research Corp.]
> Sat Jun 30 07:53:34 AM tcp 64.244.210.34 -> 166.90.214.151
> 80 [World Wide Web HTTP] -> 1470 [Universal Analytics]
> Sat Jun 30 07:58:36 AM tcp 64.244.210.34 -> 166.90.214.151
> 80 [World Wide Web HTTP] -> 1460 [Proshare Notebook Application]
> Sat Jun 30 07:58:37 AM tcp 64.244.210.34 -> 166.90.214.151
> 80 [World Wide Web HTTP] -> 1478 [ms-sna-base]
> Sat Jun 30 08:00:26 AM tcp 64.244.210.34 -> 166.90.214.151
> 80 [World Wide Web HTTP] -> 1516 [Virtual Places Audio data]
> Sat Jun 30 08:00:32 AM tcp 64.244.210.34 -> 166.90.214.151
> 80 [World Wide Web HTTP] -> 1497 [rfx-lm]
> Sat Jun 30 08:00:39 AM tcp 64.244.210.34 -> 166.90.214.151
> 80 [World Wide Web HTTP] -> 1510 [Midland Valley Exploration Ltd. Lic. Man.]
> Sat Jun 30 08:01:02 AM tcp 64.244.210.34 -> 166.90.214.151
> 80 [World Wide Web HTTP] -> 1500 [VLSI License Manager]
> Sat Jun 30 08:02:45 AM tcp 64.244.210.34 -> 166.90.214.151
> 80 [World Wide Web HTTP] -> 1524 [ingres] Trinoo
> Sat Jun 30 08:02:45 AM tcp 64.244.210.34 -> 166.90.214.151
> 80 [World Wide Web HTTP] -> 1524 [ingres] Trinoo
> Sat Jun 30 08:05:09 AM tcp 64.244.210.34 -> 166.90.214.151
> 80 [World Wide Web HTTP] -> 1524 [ingres] Trinoo
> Sat Jun 30 08:05:10 AM tcp 64.244.210.34 -> 166.90.214.151
> 80 [World Wide Web HTTP] -> 1524 [ingres] Trinoo
> Sat Jun 30 08:06:45 AM tcp 64.244.210.34 -> 166.90.214.151
> 80 [World Wide Web HTTP] -> 1516 [Virtual Places Audio data]
>
>
> *==============================================================*
> "Communications without intelligence is noise; Intelligence
> without communications is irrelevant." Gen Alfred. M. Gray, USMC
> ================================================================
> C4I.org - Computer Security, & Intelligence - http://www.c4i.org
> *==============================================================*
>
>
> ----------------------------------------------------------------------------
>
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see:
>
> http://aris.securityfocus.com
>

--
Edward Fahner
Systems Administrator, Planet Communications Network
(540)442-6677 x222
[aka. Akatosh .CU.Au, akatoshat_private]
DC2.DwGmL--WT--SksCre+\Cvi+BflA(+r-v+++)N^MH+$-Fj~R+Ac+++!J+S+U-I--#V+++Q+Tc++
GCSds:-a---C++++UL++++P---L++++E-W++N+o?K-w---O-M--V-PS+PE?YPGPt+5++XR*!tvb++(+++)DI++D++Geh+r++y+

----------------------------------------------------------------------------
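Added example, not part of the original thread: a small triage script that applies the reasoning in the reply above (server source port, client-range destination ports) to alerts in this firewall's log format. The one-line record layout, the 1024 port boundary, and the last alert (a constructed contrast case using a documentation address) are assumptions.

```python
import re

# Alerts copied from the quoted post, each joined onto one line.
SAMPLE_ALERTS = [
    "Sat Jun 30 07:50:38 AM tcp 64.244.210.34 -> 166.90.214.151 "
    "80 [World Wide Web HTTP] -> 1458 [Nichols Research Corp.]",
    "Sat Jun 30 08:02:45 AM tcp 64.244.210.34 -> 166.90.214.151 "
    "80 [World Wide Web HTTP] -> 1524 [ingres] Trinoo",
    "Sat Jun 30 08:06:45 AM tcp 64.244.210.34 -> 166.90.214.151 "
    "80 [World Wide Web HTTP] -> 1516 [Virtual Places Audio data]",
]
# Constructed contrast case (not from the post): high source port to 1524.
CONSTRUCTED_ALERT = ("Sat Jun 30 09:00:00 AM tcp 192.0.2.10 -> 166.90.214.151 "
                     "40112 [unknown] -> 1524 [ingres] Trinoo")

ALERT_RE = re.compile(
    r"(?P<proto>tcp|udp)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"(?P<sport>\d+)\s+\[[^\]]*\]\s+->\s+(?P<dport>\d+)\s+\[[^\]]*\]")

FIRST_CLIENT_PORT = 1024  # assumption: below this is a server port


def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line does not match."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    alert["sport"], alert["dport"] = int(alert["sport"]), int(alert["dport"])
    return alert


def is_likely_reply(alert):
    """Server-range source port to client-range destination port."""
    return alert["sport"] < FIRST_CLIENT_PORT <= alert["dport"]


def summarize(lines):
    """Group alerts by (source IP, source port); collect ports and a verdict."""
    groups = {}
    for alert in filter(None, map(parse_alert, lines)):
        g = groups.setdefault((alert["src"], alert["sport"]),
                              {"dports": set(), "verdict": "likely-reply"})
        g["dports"].add(alert["dport"])
        if not is_likely_reply(alert):
            g["verdict"] = "review"
    return {k: {"dports": sorted(v["dports"]), "verdict": v["verdict"]}
            for k, v in groups.items()}


if __name__ == "__main__":
    for key, info in summarize(SAMPLE_ALERTS + [CONSTRUCTED_ALERT]).items():
        print(key, info)
```

The log carries no TCP flags or connection state, so the verdict is a triage heuristic based on port direction only.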
This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 10:05:05 PDT