This is a follow-up to my story Examining the MPAA University Toolkit.
After reading the hysteria posted on the Slashdot story MPAA College Toolkit Raises Privacy, Security Concerns, I thought I would take a look at traffic leaving the box. Aside from traffic generated by the auto-start of Firefox, the only interesting event was the following. I captured it with my gateway Sguil sensor.
Sensor Name: hacom
Timestamp: 2007-11-23 21:27:04
Connection ID: .hacom_5136150487897024842
Src IP: 69.255.105.234 (c-69-255-105-234.hsd1.va.comcast.net)
Dst IP: 66.252.137.155 (Unknown)
Src Port: 39532
Dst Port: 80
OS Fingerprint: 69.255.105.234:39532 - UNKNOWN
[S4:61:1:60:M1460,S,T,N,W4:.:?:?] (up: 3 hrs)
OS Fingerprint: -> 66.252.137.155:80 (link: ethernet/modem)
SRC: GET /version.txt HTTP/1.1
SRC: Accept-Encoding: identity
SRC: Host: universitytoolkit.com
SRC: Connection: close
SRC: User-Agent: Python-urllib/2.5
SRC:
SRC:
DST: HTTP/1.1 200 OK
DST: Date: Fri, 23 Nov 2007 21:27:31 GMT
DST: Server: Apache/2.0.52 (Red Hat)
DST: Last-Modified: Fri, 12 Oct 2007 14:14:45 GMT
DST: ETag: "4f4002-7-57333f40"
DST: Accept-Ranges: bytes
DST: Content-Length: 7
DST: Connection: close
DST: Content-Type: text/plain; charset=UTF-8
DST:
DST: 1.2-RC3
That's it.
0 komentar:
Posting Komentar