[Snort-users] openaanval calling home
bm0714 at ...125...
Mon Apr 19 16:50:12 EDT 2004
I was just watching some tcpdump traffic and noticed my snort box making an
outbound connection to 22.214.171.124
Looking up the IP I found that it is the website for openaanval
'www.aanval.com'. It appears that exactly every 30 minutes, I mean EXACTLY
it makes a short http connection to the aanval website.
I looked through the php code and I think it is simply checking for version
information, but I am not experienced enough to know for real. Is this
something I should be concerned about?
Could they be piggy-backing data maybe? What would they want to collect
More information about the Snort-users