S
Sparkplug
My AntiVirus software is blocking outbound access to 217.8.241.228,8005.
Any ideas what this is?
Thanks.
Any ideas what this is?
Thanks.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
T
The Cleaning Wonder Boy
T
The Cleaning Wonder Boy
217.8.241.228
IP 217.8.241.228 resolves to:
% This is the RIPE Whois secondary server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
inetnum: 217.8.241.0 - 217.8.241.255
netname: XCALIBRE
descr: Webservers
country: GB
admin-c: TL689-RIPE
tech-c: TL689-RIPE
status: ASSIGNED PA
mnt-by: XCALIBRE-MNT
changed: (e-mail address removed) 20030116
source: RIPE
route: 217.8.240.0/20
descr: XCalibre
origin: AS15379
mnt-by: XCALIBRE-MNT
changed: (e-mail address removed) 20030221
source: RIPE
person: Tony Lucas
address: XCalibre Communications Ltd
address: Geddes House Business Centre
address: Kirkton North, Livingston
address: West Lothian
address: EH54 6GU
phone: +44 01506 606 000
e-mail: (e-mail address removed)
nic-hdl: TL689-RIPE
mnt-by: XCALIBRE-MNT
changed: (e-mail address removed) 20020912
source: RIPE
S
Sparkplug
<snip>IP 217.8.241.228 resolves to:
I got to that moments after I posted. But why port 8005 on an outbound TCP
connection?
T
The Cleaning Wonder Boy
Because they are trying to be inconspicuous. And they are thinking that<snip>
I got to that moments after I posted. But why port 8005 on an outbound TCP
connection?
that that random port will be open
Are you saying that ZA caught this IP as the Source or the Destination?
S
Sparkplug
Because they are trying to be inconspicuous. And they are thinking that
that that random port will be open
Are you saying that ZA caught this IP as the Source or the Destination?
It is the destination.
T
The Cleaning Wonder Boy
Well, sounds to me like you have a trojan installed. Better get itIt is the destination.
before it does damage.
T
Tony Lucas
The Cleaning Wonder Boy said:On Tue, 26 Oct 2004 15:14:55 -0500, The Cleaning Wonder Boy
Well, sounds to me like you have a trojan installed. Better get it
before it does damage.
It's harmless, he's been browsing our website and the live chat server (see
the graphic on the left hand menu, and right click, properties), it runs a
script to detect if chat operators are available by connecting to a
webserver running on port 8005.
I don't subscribe to this newsgroup so if you want to follow this up please
drop me an e-mail.
Regards,
Tony Lucas
XCalibre Communications Ltd
http://www.xcalibre.co.uk