A network where I have one.

Just set up a new Win2K3 server (don't lecture, I have as much religion
as the next guy). It's been up for 3 weeks or so and before we went
live, it punked out (seems to be a memory problem - ahem - Dell)...

Anyway, I happened to run netstat on the sucker and what do I see but a
connection that makes no sense at all since it is not exposed to the
internet in any fashion.

TCP MY_HOSTNAME:3289 213.254.229.147:http  ESTABLISHED

I can ping that ip address and it's really bothering me. I am going to
block it at the firewall but I can't get a handle on it.

fingerprinting...

# nmap -O 213.254.229.147

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-09-22 19:53
MST
Interesting ports on 213.254.229.147:
(The 1655 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
500/tcp open  isakmp
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.20 (Itanium)
Uptime 24.386 days (since Mon Aug 29 10:37:26 2005)

Nmap run completed -- 1 IP address (1 host up) scanned in 16.391 seconds

Anybody have any ideas what is going on?

Obviously I put new rules into Linux firewall and rebooted both systems
but blocking that one ip address isn't likely to stop whatever it was
that was connected - it may be something like Computer Associates
BrightStor/ArcServe doing a phone home thing but it really bothered me.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss