From Mexico.purplecow.org
(Difference between revisions)
(details) |
(more detail and snip) |
||
| Line 8: | Line 8: | ||
Connections detected from two MacOS hosts and one Vista host to this IP. | Connections detected from two MacOS hosts and one Vista host to this IP. | ||
| - | + | Data: | |
| - | Conclusion: | + | * Investigation on Vista host indicates process responsible for the connection is [[Skype]]. Skype is running but NOT logged in on this host. |
| + | * A look at all three Skype instances show only two common contacts, one of which is unlikely to be at this IP address. | ||
| + | * The remaining is the "Skype Test Call" - username:echo123. | ||
| + | * Placing a call generates mainly UDP traffic - and not to this IP. | ||
| + | * Logging out of Skype created activity as per attached snip. [[image:potentialskypetraffic1.jpg|none|thumb|Potential Skype Traffic?]] | ||
| + | |||
| + | Conclusion: Possibly some sort of Skype ping. Non-conclusive. | ||
[[Category: Tech]] [[Category: Security]] | [[Category: Tech]] [[Category: Security]] | ||
Revision as of 15:05, 3 August 2009
Routine browsing of NetFlow yielded the following:
Connections to: 129.78.131.94 Port: 61070/TCP
PTR: dp-dellxp08.physiol.usyd.edu.au.
Connections detected from two MacOS hosts and one Vista host to this IP.
Data:
- Investigation on Vista host indicates process responsible for the connection is Skype. Skype is running but NOT logged in on this host.
- A look at all three Skype instances show only two common contacts, one of which is unlikely to be at this IP address.
- The remaining is the "Skype Test Call" - username:echo123.
- Placing a call generates mainly UDP traffic - and not to this IP.
- Logging out of Skype created activity as per attached snip.
Potential Skype Traffic?
Conclusion: Possibly some sort of Skype ping. Non-conclusive.
![[]](/skins/blender/open.png)
