From: Mike Marchywka
Subject: whois version and related tools.
Date: Sat, 27 Sep 2008 10:55:37 -0400

Hi,

whois is complaining about being old but before I just updated I wanted to get some idea what is available [ as I've complained before about my machine being a bit sensitive ]. I have a 2nd machine that I believe could be contaminated with spyware and I try to just run it remotely using cygserver stuff for ssh and ftp and this now seems to work fine - a clean cygwin install went perfectly. Although, without making implicit accusations, I do have machine crashes ( not BSOD, but text dump about bad driver ) on the messed-up-install machine when I am running X and interact strongly with that system (multiple open and active connections via my wireless card).

Anyway, my immediate problem is diagnosing any spyware using cygwin or cygwin friendly tools (something I can use without having to attach a keyboard or monitor or getting windoze remote desktop). I have showtraffic started as a service using the cygwin tools and it generates a packet log just fine. I found a very active IP address that shouldn't be there,

Proto: TCP len: 1500 96.17.74.91:80 -> 192.168.2.103:1059

and was naturally curious. Whois was no help,

$ whois 96.17.74.91
Unknown AS number or IP network. Please upgrade this program.
$ whois --version
Version 4.6.13.
Report bugs to .

and nmap gave me some idea it is from akamai,

$ nmap -sV 96.17.74.91

Starting Nmap 4.62 ( http://nmap.org ) at 2008-09-27 10:16 Eastern Daylight Time
SCRIPT ENGINE: nselib/ not a directory
SCRIPT ENGINE: Aborting script scan.
Interesting ports on a96-17-74-91.deploy.akamaitechnologies.com (96.17.74.91):
Not shown: 1703 closed ports
PORT     STATE    SERVICE      VERSION
22/tcp   open     ssh          Akamai SSH Server-VII (protocol 1.99)
80/tcp   open     http         AkamaiGHost (Akamai's HTTP Acceleration/Mirror service)
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
443/tcp  open     ssl          OpenSSL
445/tcp  filtered microsoft-ds
500/tcp  open     ssh          Akamai SSH Server-VII (protocol 1.99)
1720/tcp filtered H.323/Q.931
9050/tcp open     tor-socks?

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 79.044 seconds

So, I guess I am asking if the most recent version of whois is worth getting and if anyone knows anything about this particular server or how to figure out what it is. I guess I should probably just load debian on the other system but I only expected to use it for backup, LOL.

Thanks.

Mike Marchywka
586 Saint James Walk
Marietta GA 30067-7165
415-264-8477 (w) <- use this
404-788-1216 (C) <- leave message
989-348-4796 (P) <- emergency only
marchywka AT hotmail DOT com

Note: If I am asking for free stuff, I normally use for hobby/non-profit information but may use in investment forums, public and private. Please indicate any concerns if applicable.
Note: hotmail is getting cumbersome, try also marchywka AT yahoo DOT com
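
Added example, not part of the original post: one way to rank the remote addresses in a packet log like the one described above, so the "very active" peers stand out before any whois or nmap lookup. The record layout is inferred from the single line quoted in the post, "len" is assumed to be the packet length in bytes, and the names remote_talkers, is_local and SAMPLE_LOG are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: line 1 is the record quoted in the post, the rest are
# made up in the same layout (203.0.113.7 is a documentation address).
SAMPLE_LOG = """\
Proto: TCP len: 1500 96.17.74.91:80 -> 192.168.2.103:1059
Proto: TCP len: 40 192.168.2.103:1059 -> 96.17.74.91:80
Proto: TCP len: 1500 96.17.74.91:80 -> 192.168.2.103:1060
Proto: UDP len: 76 192.168.2.103:1027 -> 192.168.2.1:53
Proto: TCP len: 60 203.0.113.7:443 -> 192.168.2.103:1061
Proto: TCP len: 1500 999.17.74.91:80 -> 192.168.2.103:1062
not a packet record
"""

RECORD = re.compile(r"Proto: *(\w+) +len: *(\d+) +"
                    r"([\d.]+):(\d+) *-> *([\d.]+):(\d+)")
# Treated as "ours": RFC 1918, loopback and link-local ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
              "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_local(ip):
    return any(ip in net for net in LOCAL_NETS)

def remote_talkers(log_text):
    """Return [(remote_ip, stats)], busiest remote address first."""
    stats = defaultdict(lambda: {"packets": 0, "bytes_in": 0, "bytes_out": 0,
                                 "remote_ports": set(), "local_ports": set()})
    for m in RECORD.finditer(log_text):   # non-record lines never match
        _proto, length, src, sport, dst, dport = m.groups()
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue                      # malformed address such as 999.x.x.x
        if is_local(src_ip) == is_local(dst_ip):
            continue                      # LAN-only or transit traffic
        inbound = is_local(dst_ip)
        remote, rport, lport = (src, sport, dport) if inbound else (dst, dport, sport)
        s = stats[remote]
        s["packets"] += 1
        s["bytes_in" if inbound else "bytes_out"] += int(length)  # len assumed bytes
        s["remote_ports"].add(int(rport))
        s["local_ports"].add(int(lport))
    return sorted(stats.items(), reverse=True,
                  key=lambda kv: kv[1]["bytes_in"] + kv[1]["bytes_out"])

if __name__ == "__main__":
    print(*remote_talkers(SAMPLE_LOG), sep="\n")
```

A peer that sends a lot of data from port 80 to several local ephemeral ports, as in the sample, looks like ordinary HTTP downloads; which local process owns those ports is the next thing to check on the suspect machine.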