On Sun, 20 Oct 2002 23:12:39 -0400, Michael Fratoni wrote:

> > I am only getting these messages because I have outbound packets
> > with destination port 7 blocked. I think I may have been compromised
> > in some way, just because the packets are outbound. They seem to
> > come in groups of 6 at seemingly random intervals and seem to be
> > focused on the following addresses:
> > 216.52.13.9[014] and 209.204.62.150
> >
> > I have a number of questions about how to deal with this issue:
> >
> > 1. How can I find out what program is running to produce this?
> > 2. Is anyone else getting messages like this in their syslog? (You
> > would need your firewall to block appropriately to see this.)
> > 3. Is there any way that I can get access to those packets and see
> > what the message is that they are trying to send?
>
> It would appear you are not alone. There have been other reports of
> the same behaviour. 209.204.62.150 resolves to razor.pacificnet.net.
> The other addresses don't resolve.
> Searching on google for that returns several hits, the first 2 being
> dead links. Not much info, and no real answer that I saw.
> http://www.google.com/search?q=%22razor.pacificnet.net%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&filter=0

http://ws.arin.net/cgi-bin/whois.pl

NetRange: 216.52.13.0 - 216.52.13.31
CustName: Coradiant Inc.
Address: 1220 University Drive, Suite 202 Menlo Park CA 94025
Country: US

Maybe you recognize this?