David Gillett's post (clipped)
<<<< ISMMODULE2.EXE from my computer to 76.9.9.190 port 80>>. <<< Port 80 is routinely used by clients connecting to web servers using HTTP. So routinely that most firewalls should not alert on that case -- unless, perhaps, there is some reason to believe that 76.9.9.190 is the address of a known compromised/booby-trapped server, or that something that isn't HTTP is trying to use port 80 to sneak past. Perhaps it's just that "ISMMODULE2.EXE is not recognized as a known web client/browser....>>>.
Taking this further, the following are the full details of IP address 76.9.9.190:
<<<<
OrgName: ISPrime, Inc.
OrgID: IPRM
Address: 25 Broadway
Address: 6th Floor, Suite #2
City: New York
StateProv: NY
PostalCode: 10004-1086
Country: US
ReferralServer: rwhois://rwhois.isprime.net:4321/
NetRange: 76.9.0.0 - 76.9.15.255
CIDR: 76.9.0.0/20
NetName: ISPRIME-ARIN-3
NetHandle: NET-76-9-0-0-1
Parent: NET-76-0-0-0-0
NetType: Direct Allocation
NameServer: NS.ISPRIME.COM
NameServer: NS2.ISPRIME.COM
Comment:
RegDate: 2007-02-08
Updated: 2007-02-08
RAbuseHandle: ISPRI1-ARIN
RAbuseName: ISPrime Abuse
RAbusePhone: +1-212-812-9028
RAbuseEmail: [log in to unmask]
RNOCHandle: ISPRI-ARIN
RNOCName: ISPrime NOC
RNOCPhone: +1-212-812-9028
RNOCEmail: [log in to unmask]
RTechHandle: ITS7-ARIN
RTechName: ISPrime Technical Support
RTechPhone: +1-212-812-9028
RTechEmail: [log in to unmask]
OrgAbuseHandle: ISPRI1-ARIN
OrgAbuseName: ISPrime Abuse
OrgAbusePhone: +1-212-812-9028
OrgAbuseEmail: [log in to unmask]
OrgNOCHandle: ISPRI-ARIN
OrgNOCName: ISPrime NOC
OrgNOCPhone: +1-212-812-9028
OrgNOCEmail: [log in to unmask]
OrgTechHandle: ITS7-ARIN
OrgTechName: ISPrime Technical Support
OrgTechPhone: +1-212-812-9028
OrgTechEmail: [log in to unmask]
# ARIN WHOIS database, last updated 2007-09-12 19:50
# Enter ? for additional hints on searching ARIN's WHOIS database.>>>>>
This info was obtained through a little freeware utility called "ipnetinfo", which I (at least) consider very good and very useful.
The utility is available at
http://www.snapfiles.com/get/IPNetInfo.html
Just in case Philip Williams wants to take it up further.
HTH---Venkat
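An added example, not part of the original post and not IPNetInfo's code: a Python parser for ARIN records of the form quoted above, which confirms that the record actually covers the address seen in the firewall alert and pulls out the fields needed for follow-up. The sample text is a trimmed copy of the record in the post; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: a trimmed copy of the ARIN record quoted in the post.
SAMPLE = """\
OrgName: ISPrime, Inc.
ReferralServer: rwhois://rwhois.isprime.net:4321/
NetRange: 76.9.0.0 - 76.9.15.255
CIDR: 76.9.0.0/20
NetType: Direct Allocation
Comment:
OrgAbuseHandle: ISPRI1-ARIN
OrgAbusePhone: +1-212-812-9028
# ARIN WHOIS database, last updated 2007-09-12 19:50
"""

def parse_whois(text):
    """Return {key: [values]}; keys can repeat and values can contain ':'."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")  # split on the first colon only
        record.setdefault(key.strip(), []).append(value.strip())
    return record

def summarize(ip, text):
    """Check that the record covers `ip` and extract the triage fields."""
    rec = parse_whois(text)
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(c.strip())
            for value in rec.get("CIDR", []) for c in value.split(",") if c.strip()]
    low, high = (ipaddress.ip_address(p.strip())
                 for p in rec["NetRange"][0].split(" - "))

    def first(key):
        # First value for a key, or None when the key is absent or empty.
        return (rec.get(key) or [None])[0] or None

    return {
        "covered": low <= addr <= high and any(addr in n for n in nets),
        "org": first("OrgName"),
        "abuse_phone": first("OrgAbusePhone"),
        # A direct allocation names the provider holding the block; the
        # referral server may list the customer actually using the address.
        "provider_level": first("NetType") == "Direct Allocation",
        "referral": first("ReferralServer"),
    }

if __name__ == "__main__":
    print(summarize("76.9.9.190", SAMPLE))
```
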