[X-Newbies] Possible Trojan

Rob Griffiths robg at macosxhints.com
Sat Dec 17 07:49:00 PST 2005

On Dec 17, 2005, at 7:30 AM, Chris Walker wrote:

> Bullseye - give the man a pint!!!!   I did search for phpbb on Google,
> but when I retried after blocking the IPs with Snitch I did different

Yea, there's apparently some sort of bot out there, doing thousands  
of searches for phpbb on Google, hence the block.

> However I would still love to know where these requests in my first  
> post

Well, you listed: I did a "whois" in Terminal, which showed  
that IP to be owned by Yahoo Europe. I see you're in the UK, so I  
don't think that's anything malicious. Again, "whois" shows that IP to be owned by  
IANA, the group that's responsible for all the "numbers" associated  
with the internet (IP blocks, DNS, etc.). That specific IP claims to  
be "reserved for special purposes," and to see RFC 3171 for  
additional information. Looking that RFC up on the net (http:// 
www.faqs.org/rfcs/rfc3171.html) shows that IP number is in a section  
reserved for IPv4 Multicast, and more specifically, it's in use as a  
"local network control block."

Now most of that latter one is gibberish to me, too ... but in short,  
I don't think either of those IPs are malcontents :).


More information about the X-Newbies mailing list