[X-Newbies] Possible Trojan
Rob Griffiths
robg at macosxhints.com
Sat Dec 17 07:49:00 PST 2005
On Dec 17, 2005, at 7:30 AM, Chris Walker wrote:
> Bullseye - give the man a pint!!!! I did search for phpbb on Google,
> but when I retried after blocking the IPs with Snitch I did different
Yea, there's apparently some sort of bot out there, doing thousands
of searches for phpbb on Google, hence the block.
> However I would still love to know where these requests in my first
> post
Well, you listed:
217.12.3.11: I did a "whois 217.12.3.11" in Terminal, which showed
that IP to be owned by Yahoo Europe. I see you're in the UK, so I
don't think that's anything malicious.
224.0.0.251: Again, "whois 224.0.0.251" shows that IP to be owned by
IANA, the group that's responsible for all the "numbers" associated
with the internet (IP blocks, DNS, etc.). That specific IP claims to
be "reserved for special purposes," and to see RFC 3171 for
additional information. Looking that RFC up on the net (http://
www.faqs.org/rfcs/rfc3171.html) shows that IP number is in a section
reserved for IPv4 Multicast, and more specifically, it's in use as a
"local network control block."
Now most of that latter one is gibberish to me, too ... but in short,
I don't think either of those IPs are malcontents :).
regards;
-rob.
More information about the X-Newbies
mailing list