[CLUE-Talk] Clue: WARNING! Government starting OS Probes! - UPDATE
Richard Knechtel
krs3 at qwest.net
Mon Sep 10 17:44:39 MDT 2001
My typo mistake, it should have read:
198.68.2.2
There is more to the story.
I have now had 5 of these probes. Also my Cisco675 did a couple of UDP port
probes on my system. This is AFTER I ran the CBOS upgrade QWEST recommended
as part of the "code red worm permanent fix."
I did a ping of 198.68.2.2 in Netlab and it referred to another IP from this
one; it referred to 144.232.8.17.
Geektools WHOIS shows:
Sprint/United Information Service (NET-SPRINT-INNET9)
13221 Woodland Park Road
Herndon, VA 22071
US
Netname: SPRINT-INNET9
Netblock: 144.232.0.0 - 144.232.255.255
Maintainer: SPRN
Coordinator:
12490 SunriseValley
Drive (SPRINT-NOC-ARIN) NOC at SPRINT.NET
800-232-6895Fax- 703-478-5471
Domain System inverse mapping provided by:
NS1-AUTH.SPRINTLINK.NET 206.228.179.10
NS2-AUTH.SPRINTLINK.NET 144.228.254.10
NS3-AUTH.SPRINTLINK.NET 144.228.255.10
Virginia huh?
Spookville USA!
Anyone else run the Cisco675 CBOS upgrade and had unusual things reported by
their firewalls and such?
At 09:03 PM 9/9/01 -0600, you wrote:
>Richard Knechtel wrote:
>
> > Watch out!
> >
> > Just after reading the information about the SSSCA becoming known on
> > Slashdot I got a TCP OS Fingerprint probe from IP 198.68.22 .
> > Whois tells me this:
> >
> > Sprint Government Systems Division (NETBLK-SPRINTBLK) NETBLK-SPRINTBLK
>
>Huh. Looks to me that 198.68.22.0 belongs to an ISP called peak.org in
>Oregon.
>Probably a front for the department of Sprint that runs the government.
>Beware!
>
>Dave
>;-)