Mail Archives: cygwin/2008/09/27/10:56:46
Hi,
whois is complaining about being old, but before I just updated I wanted to get some
idea what is available [ as I've complained before about my machine being a bit sensitive ].
I have a 2nd machine that I believe could be contaminated with spyware and I try to just
run it remotely using cygserver stuff for ssh and ftp and this now seems to work fine - a clean cygwin install went perfectly. Although, without making implicit accusations, I do have
machine crashes ( not BSOD, but text dump about bad driver ) on the messed-up-install machine
when I am running X and interact strongly with that system (multiple open and active connections
via my wireless card).
Anyway, my immediate problem is diagnosing any spyware using cygwin or cygwin
friendly tools (something I can use without having to attach a keyboard or monitor or getting
windoze remote desktop).
I have showtraffic started as a service using the cygwin tools and it generates
a packet log just fine. I found a very active IP address that shouldn't be there,
Proto: TCP len: 1500 96.17.74.91:80 -> 192.168.2.103:1059
and was naturally curious. Whois was no help,
$ whois 96.17.74.91
Unknown AS number or IP network. Please upgrade this program.
$ whois --version
Version 4.6.13.
Report bugs to .
and nmap gave me some idea it is from akamai,
$ nmap -sV 96.17.74.91
Starting Nmap 4.62 ( http://nmap.org ) at 2008-09-27 10:16 Eastern Daylight Time
SCRIPT ENGINE: nselib/ not a directory
SCRIPT ENGINE: Aborting script scan.
Interesting ports on a96-17-74-91.deploy.akamaitechnologies.com (96.17.74.91):
Not shown: 1703 closed ports
PORT     STATE    SERVICE     VERSION
22/tcp   open     ssh         Akamai SSH Server-VII (protocol 1.99)
80/tcp   open     http        AkamaiGHost (Akamai's HTTP Acceleration/Mirror service)
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
443/tcp  open     ssl         OpenSSL
445/tcp  filtered microsoft-ds
500/tcp  open     ssh         Akamai SSH Server-VII (protocol 1.99)
1720/tcp filtered H.323/Q.931
9050/tcp open     tor-socks?
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 79.044 seconds
So, I guess I am asking if the most recent version of whois is worth getting
and if anyone knows anything about this particular server or how to figure out
what it is.
I guess I should probably just load debian on the other system but I only expected to
use it for backup, LOL.
Thanks.
Mike Marchywka
586 Saint James Walk
Marietta GA 30067-7165
415-264-8477 (w)<- use this
404-788-1216 (C)<- leave message
989-348-4796 (P)<- emergency only
marchywka AT hotmail DOT com
Note: If I am asking for free stuff, I normally use for hobby/non-profit
information but may use in investment forums, public and private.
Please indicate any concerns if applicable.
Note: hotmail is getting cumbersome, try also marchywka AT yahoo DOT com
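
Added example (not part of the original message): one way to triage a showtraffic packet log is to total packets and bytes per remote endpoint, so an unexpected busy peer like the one quoted above stands out before any whois or nmap lookup. The record format is assumed from the single log line in the message, len is assumed to be bytes, and the RFC 1918 ranges are assumed to be the local side; the function names are made up for this sketch.

```python
import ipaddress
import re
from collections import defaultdict

# Record format inferred from the one log line quoted in the message (assumption).
LINE_RE = re.compile(
    r"Proto:\s*(\S+)\s+len:\s*(\d+)\s+"
    r"(\d+(?:\.\d+){3}):(\d+)\s*->\s*(\d+(?:\.\d+){3}):(\d+)")
# Assumption: RFC 1918 ranges are the local side; adjust for your network.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in LOCAL_NETS)

def summarize(lines):
    """Return (remote ip:port, proto, packets, bytes_in, bytes_out), busiest first."""
    stats = defaultdict(lambda: [0, 0, 0])  # packets, bytes_in, bytes_out
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a packet record
        proto, length, src, sport, dst, dport = m.groups()
        try:
            src_local, dst_local = is_local(src), is_local(dst)
        except ValueError:
            continue  # e.g. an octet above 255
        if src_local == dst_local:
            continue  # LAN-only or transit traffic: no single remote peer
        if dst_local:  # remote -> local, inbound
            key, slot = (f"{src}:{sport}", proto), 1
        else:          # local -> remote, outbound
            key, slot = (f"{dst}:{dport}", proto), 2
        stats[key][0] += 1
        stats[key][slot] += int(length)  # assumes len is bytes
    rows = [(ep, proto, n, b_in, b_out)
            for (ep, proto), (n, b_in, b_out) in stats.items()]
    return sorted(rows, key=lambda r: r[3] + r[4], reverse=True)

# First line is from the message; the others are constructed for illustration.
SAMPLE = [
    "Proto: TCP len: 1500 96.17.74.91:80 -> 192.168.2.103:1059",
    "Proto: TCP len: 1500 96.17.74.91:80 -> 192.168.2.103:1059",
    "Proto: TCP len: 40 192.168.2.103:1059 -> 96.17.74.91:80",
    "Proto: UDP len: 76 192.168.2.103:1030 -> 192.168.2.1:53",
    "Proto: TCP len: 60 192.168.2.103:1061 -> 203.0.113.7:443",
]
for row in summarize(SAMPLE):
    print("%-20s %-4s pkts=%d in=%d out=%d" % row)
```

To run it over a real log, pass the open log file to summarize() in place of SAMPLE.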