[Date Prev][Date
Next][Thread Prev][Thread Next][Date
Index][Thread Index]
Re: Vigor Router - NAT Sessions ?
Is the machine definately covered for the sobig.f virus, the SMTP engine it
uses tries DNS lookups to find MX records for remote domains.
Look at http://tinyurl.com/lg61 for
more information on how it uses DNS
You could scan it online with something like http://housecall.antivirus.com
(web based antivirus scanning - Free) just to be sure your antivirus
product
hasn't missed something.
Sorry if you've already checked this.
Shmern
> This is what I find strange.
>
> This PC is like all the others in the building - DHCP obtained from
> Router - DNS obtained automatically to.
>
> Nothing is set on the machine different to others ??
>
>
> Dean
>
> -----Original Message-----
> From: Ade [mailto:yahoo@xxxxxxx]
> Sent: 28 August 2003 09:34
> To: ukha_d@xxxxxxx
> Subject: Re: [ukha_d] Vigor Router - NAT Sessions ?
>
>
> they'd all be DNS lookups, would they not (port 53) - does that pc
have
> the DNS set to 192.175.48.1?. I think you will see a session per DNS
> lookup
>
> Ade
>
>
> --------- Original Message --------
> From: ukha_d@xxxxxxx
> To: ukha_d@xxxxxxx <ukha_d@xxxxxxx>
> Subject: [ukha_d] Vigor Router - NAT Sessions ?
> Date: 28/08/03 08:28
>
> >
> > Can someone explain this for me :-
> >
> >
----------------------------------------------------------------------
> > --
> > -------
> > Private IP :Port #Pseudo Port Peer IP :Port Ifno
Status
> >
> >
----------------------------------------------------------------------
> > --
> > -------
> > 192.168.16.207 3115 33447 192.175.48.1 53 3 0
> > 192.168.16.207 3116 33443 192.175.48.1 53 3 0
> > 192.168.16.207 3117 33442 192.175.48.1 53 3 0
> > 192.168.16.207 3379 34864 192.175.48.1 53 3 0
> > 192.168.16.211 3891 34352 192.175.48.1 80 3 0
> > 192.168.16.207 3132 33062 192.175.48.1 53 3 0
> > 192.168.16.207 3391 34826 192.175.48.1 53 3 0
> > 192.168.16.207 3392 34825 192.175.48.1 53 3 0
> > 192.168.16.207 3393 34824 192.175.48.1 53 3 0
> > 192.168.16.207 3139 33048 192.175.48.1 53 3 0
> > 192.168.16.207 3141 33046 192.175.48.1 53 3 0
> > 192.168.16.207 3398 34816 192.175.48.1 53 3 0
> > 192.168.16.207 3148 33036 192.175.48.1 53 3 0
> > 192.168.16.207 3149 33032 192.175.48.1 53 3 0
> > 192.168.16.207 3406 34804 192.175.48.1 53 3 0
> > 192.168.16.207 3156 34920 192.175.48.1 53 3 0
> > 192.168.16.207 3157 34915 192.175.48.1 53 3 0
> > 192.168.16.207 3158 34914 192.175.48.1 53 3 0
> > 192.168.16.207 3163 34887 192.175.48.1 53 3 0
> > 192.168.16.207 3420 34760 192.175.48.1 53 3 0
> > 192.168.16.207 3164 34886 192.175.48.1 53 3 0
> > 192.168.16.207 3165 34885 192.175.48.1 53 3 0
> > 192.168.16.208 1026 33055 163.176.1.95 80 3 2
> > 192.168.16.207 3170 34782 192.175.48.1 53 3 0
> > 192.168.16.208 1027 33054 163.176.1.95 80 3 2
> > 192.168.16.207 3171 34743 192.175.48.1 53 3 0
> > 192.168.16.207 3172 34731 192.175.48.1 53 3 0
> > 192.168.16.207 3435 34737 192.175.48.1 53 3 0
> > 192.168.16.211 3888 34353 137.222.20.59 80 3 0
> > 192.168.16.207 3183 34426 192.175.48.1 53 3 0
> > 192.168.16.207 3445 34700 192.175.48.1 53 3 0
> > 192.168.16.207 3189 34402 192.175.48.1 53 3 0
> > 192.168.16.207 3190 34400 192.175.48.1 53 3 0
> > 192.168.16.207 3198 34389 192.175.48.1 53 3 0
> > 192.168.16.207 3455 34688 192.175.48.1 53 3 0
> > 192.168.16.211 3840 34471 199.174.114.125 80 3 0
> > 192.168.16.207 3461 34677 192.175.48.1 53 3 0
> > 192.168.16.207 3206 33651 192.175.48.1 53 3 0
> > 192.168.16.207 3207 33650 192.175.48.1 53 3 0
> > 192.168.16.211 2034 33479 194.70.94.152 80 3 0
> > 192.168.16.207 3213 33620 192.175.48.1 53 3 0
> > 192.168.16.211 2035 33478 194.70.94.152 80 3 0
> > 192.168.16.207 3214 33619 192.175.48.1 53 3 0
> >
> > It seems to relate to mainly one particular workstation - I've
trace
> > routed the 192.175.48.1 IP address and this leads to
prisoner.iana.org
>
> > ??
> >
> > Anyone explain what it is that's doing it - I've checked the work
> > station and theres nothing running on it I can see
> >
> > Help please :)
> >
> >
> >
> > Dean.
> >
> >
> >
> >
> >
> >
> >
> >
> > ------------------------ Yahoo! Groups Sponsor
> ---------------------~-->
> > Buy Ink Cartridges or Refill Kits for Your HP, Epson, Canon or
Lexmark
>
> > Printer at Myinks.com. Free s/h on orders $50 or more to the US
&
> Canada. http://www.c1tracking.com/l.asp?cid=5511
> > http://us.click.yahoo.com/l.m7sD/LIdGAA/qnsNAA/IBOolB/TM
> >
>
---------------------------------------------------------------------~-&
> gt;
> >
> > ** UKHA2004 BE THERE! ** - start planning now.
> >
> > http://www.automatedhome.co.uk
> > Post message: ukha_d@xxxxxxx
> > Subscribe: ukha_d-subscribe@xxxxxxx
> > Unsubscribe: ukha_d-unsubscribe@xxxxxxx
> > List owner: ukha_d-owner@xxxxxxx
> >
> > Your use of Yahoo! Groups is subject to
> > http://docs.yahoo.com/info/terms/
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
> ________________________________________________
> Message sent using UebiMiau 2.7.2
>
>
>
> ** UKHA2004 BE THERE! ** - start planning now.
>
> http://www.automatedhome.co.uk
> Post message: ukha_d@xxxxxxx
> Subscribe: ukha_d-subscribe@xxxxxxx
> Unsubscribe: ukha_d-unsubscribe@xxxxxxx
> List owner: ukha_d-owner@xxxxxxx
>
> Your use of Yahoo! Groups is subject to
> http://docs.yahoo.com/info/terms/
>
>
>
>
>
>
>
> ** UKHA2004 BE THERE! ** - start planning now.
>
> http://www.automatedhome.co.uk
> Post message: ukha_d@xxxxxxx
> Subscribe: ukha_d-subscribe@xxxxxxx
> Unsubscribe: ukha_d-unsubscribe@xxxxxxx
> List owner: ukha_d-owner@xxxxxxx
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>
>
>
Home |
Main Index |
Thread Index
|