pauls at ...6838...
Fri Nov 9 12:43:54 EST 2007
--On Friday, November 09, 2007 09:29:58 -0500
dhottinger at ...14237... wrote:
> Quoting Joel Esler <joel.esler at ...1935...>:
>> Joel Esler
>> Sent from the road.
>> On Nov 9, 2007, at 9:09 AM, dhottinger at ...14237... wrote:
>>> Are the porn.rules flagged based on words typed in url's or search
> Im seeing a connection to PORN masturbation site. However the source
> address 184.108.40.206:80 doesnt resolve. Does anyone know what this
> address is? dnsstuff.com says it belongs to rackspace.com, Im
> thinking rackspace probably rents server space for domains?
[ Informations about 220.127.116.11 ]
IP range : 18.104.22.168 - 22.214.171.124
Network name : RSPC-119544-1177630982
Infos : Answers in Genisis
Infos : P.O. Box 510
Infos : Hebron
Infos : KY
Infos : 41048
Country : United States (US)
Abuse E-mail : abuse at ...14239...
Source : ARIN
The IP doesn't reverse. Verisign is the SOA. Port 80 *is* open.
# nmap 126.96.36.199
Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-09 11:37 CST
Interesting ports on 188.8.131.52:
Not shown: 1692 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp closed ssh
80/tcp open http
443/tcp open https
3389/tcp open ms-term-serv
Paul Schmehl (pauls at ...6838...)
Senior Information Security Analyst
The University of Texas at Dallas
More information about the Snort-users