From Mexico.purplecow.org
(Difference between revisions)
Current revision (15:07, 3 August 2009) (FIN)
(2 intermediate revisions not shown.)
Line 8: | Line 8: | ||
Connections detected from two MacOS hosts and one Vista host to this IP. | Connections detected from two MacOS hosts and one Vista host to this IP. | ||
- | + | Data: | |
- | Conclusion: | + | * Investigation on Vista host indicates process responsible for the connection is [[Skype]]. Skype is running but NOT logged in on this host. |
+ | * A look at all three Skype instances show only two common contacts, one of which is unlikely to be at this IP address. | ||
+ | * The remaining is the "Skype Test Call" - username:echo123. | ||
+ | * Placing a call generates mainly UDP traffic - and not to this IP. | ||
+ | * Logging out of Skype created activity as per attached snip. [[image:potentialskypetraffic1.jpg|right|thumb|Potential Skype Traffic?]] FIN packets tell us the game was over for now. | ||
+ | |||
+ | Conclusion: Possibly some sort of Skype ping. Non-conclusive. | ||
[[Category: Tech]] [[Category: Security]] | [[Category: Tech]] [[Category: Security]] |
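Review bot: the added bullet "Logging out of Skype created activity as per attached snip" does not say whether that activity went to this IP, so the only evidence linking the logout to the observed connections lives in the image. State the destination of the logout traffic in the bullet text, so the "Possibly some sort of Skype ping" conclusion can be checked without the thumbnail.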
Current revision
Routine browsing of NetFlow yielded the following:
Connections to: 129.78.131.94 Port: 61070/TCP
PTR: dp-dellxp08.physiol.usyd.edu.au.
Connections detected from two MacOS hosts and one Vista host to this IP.
Data:
- Investigation on Vista host indicates process responsible for the connection is Skype. Skype is running but NOT logged in on this host.
- A look at all three Skype instances shows only two common contacts, one of which is unlikely to be at this IP address.
- The remaining one is the "Skype Test Call" contact (username: echo123).
- Placing a call generates mainly UDP traffic - and not to this IP.
- Logging out of Skype created activity as per attached snip. FIN packets tell us the game was over for now.
Conclusion: Possibly some sort of Skype ping. Non-conclusive.
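
The NetFlow browsing step above can be made repeatable. The following is an added example, not part of the original notes: it groups exported flow records by external destination, lists the internal hosts that contacted each one, and records which of them closed the TCP session with a FIN. The CSV layout, the internal range 10.0.0.0/8, the source addresses and the flag values are constructed assumptions; only the destination 129.78.131.94:61070 comes from the page.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow export (internal hosts and flags are made up).
# tcp_flags is the cumulative OR of TCP flags seen in the flow, as in NetFlow v5.
SAMPLE_FLOWS = """\
src,dst,dport,proto,tcp_flags
10.0.0.11,129.78.131.94,61070,6,0x1b
10.0.0.12,129.78.131.94,61070,6,0x1b
10.0.0.23,129.78.131.94,61070,6,0x1a
10.0.0.11,192.0.2.80,443,6,0x1b
10.0.0.23,198.51.100.7,33033,17,0x00
"""

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the monitored internal range
FIN = 0x01                           # TCP FIN bit
TCP = 6                              # IP protocol number for TCP


def shared_destinations(flow_csv, min_hosts=2):
    """Map (dst, dport, proto) -> {"hosts", "fin_hosts"} for external
    destinations contacted by at least min_hosts distinct internal hosts."""
    hosts = defaultdict(set)
    fin_hosts = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        if src not in INTERNAL or dst in INTERNAL:
            continue  # keep only internal -> external flows
        key = (str(dst), int(row["dport"]), int(row["proto"]))
        hosts[key].add(str(src))
        # The FIN bit is only meaningful for TCP flows.
        if key[2] == TCP and int(row["tcp_flags"], 16) & FIN:
            fin_hosts[key].add(str(src))
    return {
        key: {"hosts": sorted(srcs), "fin_hosts": sorted(fin_hosts[key])}
        for key, srcs in hosts.items()
        if len(srcs) >= min_hosts
    }


if __name__ == "__main__":
    for (dst, dport, proto), info in shared_destinations(SAMPLE_FLOWS).items():
        print(f"{dst}:{dport} proto={proto} hosts={info['hosts']} "
              f"fin_from={info['fin_hosts']}")
```

A destination reached by several unrelated hosts on the same high port points to a common application rather than a per-user action, which is the line of reasoning the notes follow.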