[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SV: suspicious IP's. Can it be tunneling ?
Hi!
Last hop in a traceroute is
g49.ba01.b000764-0.lax01.atlas.cogentco.com (66.28.67.18)
Their website www.cogentco.com (66.28.0.10) gives this information:
General Information: 1-877-9-COGENT or 1-202-295-4200
Customer Support: 1-877-7-COGENT (1-877-726-4368)
Regards,
Oddvar
> -----Opprinnelig melding-----
> Fra: Mustafa Cagatayli [SMTP:mscag@ciu.edu.tr]
> Sendt: 17. januar 2003 08:53
> Til: packeteer-edu@lists.Stanford.EDU
> Emne: suspicious IP's. Can it be tunneling ?
>
> Hello,
>
> It has been 4 days since out outbound/autodiscover/http traffic has grown
> so much that all our outbound capacity is now full. As this is a
> port/class
> that needs to be available there is no way for me to limit its traffic.
>
> After reading George Russs' e-mail message about tunneling through HTTP
> port, I tried to checked to see if the traffic is actually towards
> www.http-tunnel.com. I found out that the traffic is not towards their
> servers, but mostly towards the following ones. Has anyone experienced any
>
> such situation ? Does any one know what these IP's are ?
>
> 157.163.1.10 - 157.163.1.19 and
> 66.28.236.82 - 66.28.236.93
>
> Regards.
>
>
>
> Mustafa Cagatayli
> CC
>
> -++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**
> This message was posted through the Stanford mailing list server. To
> subscribe/unsubscribe, send email to majordomo@lists.stanford.edu
> with "subscribe packeteer-edu" or "unsubscribe packeteer-edu" as the body.
> Archive
> is at http://www.stanford.edu/group/networking/netlists/
-++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**
This message was posted through the Stanford mailing list server. To
subscribe/unsubscribe, send email to majordomo@lists.stanford.edu
with "subscribe packeteer-edu" or "unsubscribe packeteer-edu" as the body. Archive
is at http://www.stanford.edu/group/networking/netlists/