[CLUE-Tech] Wierd network behaviour
Russell Glissmann
rglissmann at rfgsolutions.com
Thu Jul 1 09:33:51 MDT 2004
While troubleshooting other network issues, I ran a tcpdump on a network
file server. I have repeatedly seen the following:
255.89.194.zip > 0.0.zip: at-#6 25
255.89.194.zip > 0.0.zip: at-#6 25
255.89.194.zip > 0.0.zip: at-#6 25
255.89.194.zip > 0.0.zip: at-#6 25
255.89.194.zip > 0.0.zip: at-#6 25
255.89.194.zip > 0.0.zip: at-#6 25
255.89.194.zip > 0.0.zip: at-#6 25
255.89.194.zip > 0.0.zip: at-#6 25
255.89.194.zip > 0.0.zip: at-#6 25
255.89.194.zip > 0.0.zip: at-#6 25
There is obviously other network traffic as well, but this is the
traffic that concerns me. Considering the number of viruses that travel
in zip files, is this what I am looking at? I ran a 'find' on the
server looking for zip files, but none were recent, and none with the
same name as above.
Ideas / suggestions are appreciated.
Thanks!
Russ
More information about the clue-tech
mailing list