The mailing list i18n-nb@lister.ping.uio.no is receiving a very large number of mails from big@boss.com, sent from the IP address 200.24.7.180. A quick check on Google indicates that these are sent by a worm/virus called SoBig. URL: http://www.techaholic.net/sobig.html
Could the owner of IP address 200.24.7.180, which appears to be a Windows box abroad, have this virus removed?
Below is the output of nmap -O and traceroute against the IP address. The machine answers 'mercurio login:' when I try telnet. It claims to be called 'mercurio.escuelaing.edu.co' when I contact the SMTP server on the machine.
# nmap -O 200.24.7.180
Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Interesting ports on (200.24.7.180):
(The 1533 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
37/tcp     open        time
53/tcp     open        domain
79/tcp     open        finger
80/tcp     open        http
111/tcp    filtered    sunrpc
113/tcp    open        auth
139/tcp    open        netbios-ssn
445/tcp    filtered    microsoft-ds
513/tcp    open        login
514/tcp    open        shell
515/tcp    open        printer
587/tcp    open        submission
1433/tcp   filtered    ms-sql-s
3306/tcp   open        mysql
5432/tcp   open        postgres
8007/tcp   open        ajp12
8080/tcp   open        http-proxy

No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=2.54BETA31%P=i586-pc-linux-gnu%D=5/4%Time=3EB4FCBD%O=21%C=1)
TSeq(Class=RI%gcd=1%SI=3A8777%IPID=I%TS=100HZ)
TSeq(Class=RI%gcd=1%SI=3A8ED1%IPID=I%TS=100HZ)
TSeq(Class=RI%gcd=2%SI=1D42C9%IPID=I%TS=100HZ)
T1(Resp=Y%DF=N%W=3F25%ACK=S++%Flags=AS%Ops=MENNTNW)
T2(Resp=N)
T3(Resp=Y%DF=N%W=3F25%ACK=S++%Flags=AS%Ops=MENNTNW)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
Uptime 10.596 days (since Wed Apr 23 23:24:40 2003)
Nmap run completed -- 1 IP address (1 host up) scanned in 27 seconds

# traceroute 200.24.7.180
traceroute to 200.24.7.180 (200.24.7.180), 30 hops max, 38 byte packets
 1  10.29.0.201 (10.29.0.201)  2.303 ms  1.926 ms  5.048 ms
 2  213-145-179-2.dd.nextgentel.com (213.145.179.2)  20.663 ms  20.537 ms  20.566 ms
 3  213-187-161-214.dd.nextgentel.com (213.187.161.214)  53.594 ms  58.014 ms  37.994 ms
 4  uio-gw7.uio.no (129.240.188.7)  47.806 ms  59.322 ms  24.939 ms
 5  oslo-gw1.uninett.no (128.39.3.93)  24.753 ms  27.370 ms  49.201 ms
 6  no-gw.nordu.net (193.10.68.49)  25.170 ms  28.550 ms  27.201 ms
 7  no-gw2.nordu.net (193.10.68.18)  33.250 ms  29.854 ms  27.222 ms
 8  dk-gw.nordu.net (193.10.68.34)  37.092 ms  41.550 ms  37.529 ms
 9  dk-gw2.nordu.net (193.10.68.22)  31.411 ms  40.229 ms  32.231 ms
10  dk-gw2.nordu.net (193.10.68.22)  37.552 ms sl-gw10-cop-9-0.sprintlink.net (80.77.65.25)  54.243 ms  50.671 ms
11  sl-bb20-cop-8-0.sprintlink.net (80.77.64.37)  43.850 ms  52.170 ms  36.888 ms
12  sl-bb21-msq-10-0.sprintlink.net (144.232.19.29)  109.474 ms  111.856 ms  114.241 ms
13  sl-bb20-msq-15-0.sprintlink.net (144.232.9.109)  110.445 ms  133.929 ms  114.186 ms
14  sl-bb20-nyc-11-3.sprintlink.net (144.232.9.102)  139.730 ms  140.304 ms  112.588 ms
15  204.255.174.225 (204.255.174.225)  145.505 ms  129.570 ms  127.476 ms
16  0.so-6-0-0.XL2.NYC4.ALTER.NET (152.63.21.82)  142.189 ms  122.284 ms  130.217 ms
17  0.so-4-0-0.TL2.NYC9.ALTER.NET (152.63.23.129)  129.453 ms  135.576 ms  125.280 ms
18  0.so-7-0-0.TL2.ATL1.ALTER.NET (152.63.10.125)  142.900 ms  149.300 ms  142.589 ms
19  0.so-7-0-0.XL2.MIA4.ALTER.NET (152.63.86.193)  160.203 ms  167.858 ms  160.102 ms
20  POS7-0.GW7.MIA4.ALTER.NET (152.63.85.29)  168.598 ms  158.330 ms  169.521 ms
21  internexa-gw.customer.alter.net (157.130.79.18)  270.163 ms  239.333 ms  248.755 ms
22  200.24.6.234 (200.24.6.234)  230.642 ms  231.987 ms  307.090 ms
23  * * *
24  200.24.7.180 (200.24.7.180)  276.469 ms  234.589 ms  277.127 ms
#
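The post attributes the mails to 200.24.7.180, so the question is how that address was established, since a worm such as Sobig forges the From: address (big@boss.com) and can just as easily forge Received: lines of its own. The only hop you can trust is the Received: header your own mail server wrote when it accepted the TCP connection. The script below is an added example, not part of the original post or of any tool mentioned in it: it walks the Received: chain of each mail, keeps only the header written by the list's own MX (assumed here to be named lister.ping.uio.no), extracts the connecting IP from it, and tallies how many big@boss.com mails each IP delivered. The sample messages are constructed for the example; only 200.24.7.180 and mercurio.escuelaing.edu.co come from the post, the other hosts use documentation address ranges.

```python
"""Tally which host actually delivered the mails that claim to come from big@boss.com.

Added example for the thread above; standard library only. TRUSTED_MX and the
sample messages are assumptions made for the example, not data from the post.
"""
import re
from collections import Counter
from email import message_from_string
from email.message import Message
from typing import Iterable, Optional

# Assumption: the host name our own MTA writes into "by ..." in its Received: line.
TRUSTED_MX = "lister.ping.uio.no"

# Sendmail/Postfix put the peer address in square brackets: "from helo (rdns [1.2.3.4])".
_BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(msg: Message) -> Optional[str]:
    """Return the IP that connected to TRUSTED_MX, or None if no trusted header exists.

    Received: headers are prepended as the mail travels, so the first header written
    by our MX is the one we trust; anything below it may have been forged by the
    sender just like the From: address.
    """
    for received in msg.get_all("Received", []):
        flat = " ".join(str(received).split())          # unfold continuation lines
        from_part, sep, by_part = flat.partition(" by ")
        if not sep or not by_part.startswith(TRUSTED_MX):
            continue                                    # not written by our MX
        match = _BRACKETED_IPV4.search(from_part)
        return match.group(1) if match else None
    return None


def origin_of(raw_message: str) -> Optional[str]:
    """Convenience wrapper: connecting IP for a raw RFC 822 message string."""
    return connecting_ip(message_from_string(raw_message))


def tally_origins(raw_messages: Iterable[str], claimed_sender: str = "big@boss.com") -> Counter:
    """Count delivering IPs for every mail whose From: contains claimed_sender."""
    hits: Counter = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        if claimed_sender.lower() not in msg.get("From", "").lower():
            continue
        hits[connecting_ip(msg) or "unknown"] += 1
    return hits


# Constructed sample mails (not real captures). Message 1 carries a second,
# sender-supplied Received: line that must be ignored.
SAMPLE_MESSAGES = [
    "Received: from mercurio.escuelaing.edu.co (mercurio.escuelaing.edu.co [200.24.7.180])\n"
    "\tby lister.ping.uio.no (8.12.9/8.12.9) with ESMTP id h44AbCdE012345\n"
    "\tfor <i18n-nb@lister.ping.uio.no>; Sun, 4 May 2003 12:00:01 +0200\n"
    "Received: from mail.example.com [198.51.100.9] by localhost; Sun, 4 May 2003 05:59:58 -0500\n"
    "From: big@boss.com\nTo: i18n-nb@lister.ping.uio.no\nSubject: Re: Movie\n\nbody\n",
    "Received: from mercurio.escuelaing.edu.co (mercurio.escuelaing.edu.co [200.24.7.180])\n"
    "\tby lister.ping.uio.no (8.12.9/8.12.9) with ESMTP id h44AbCdE012346\n"
    "\tfor <i18n-nb@lister.ping.uio.no>; Sun, 4 May 2003 12:03:17 +0200\n"
    "From: big@boss.com\nTo: i18n-nb@lister.ping.uio.no\nSubject: Re: Sample\n\nbody\n",
    # Same forged From:, but delivered by a different host whose HELO name lies.
    "Received: from mercurio ([192.0.2.55])\n"
    "\tby lister.ping.uio.no (8.12.9/8.12.9) with SMTP id h44AbCdE012347\n"
    "\tfor <i18n-nb@lister.ping.uio.no>; Sun, 4 May 2003 12:09:40 +0200\n"
    "From: big@boss.com\nTo: i18n-nb@lister.ping.uio.no\nSubject: Re: Document\n\nbody\n",
    # Ordinary list traffic; must not be counted.
    "Received: from mx.example.org (mx.example.org [198.51.100.7])\n"
    "\tby lister.ping.uio.no (8.12.9/8.12.9) with ESMTP id h44AbCdE012348\n"
    "\tfor <i18n-nb@lister.ping.uio.no>; Sun, 4 May 2003 12:15:02 +0200\n"
    "From: alice@example.org\nTo: i18n-nb@lister.ping.uio.no\nSubject: translation\n\nbody\n",
]

if __name__ == "__main__":
    for ip, count in tally_origins(SAMPLE_MESSAGES).most_common():
        print(f"{count:4d}  {ip}")
```

Run it against an mbox split into messages and the top entry is the address to put in the abuse report; the HELO name and any reverse DNS in the same header are worth quoting too, but only the bracketed IP is something the remote side could not choose.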