Koozali.org: home of the SME Server

Contribs.org Forums => General Discussion => Topic started by: cyberwatcher on December 30, 2008, 02:48:26 PM

Title: Security Concern
Post by: cyberwatcher on December 30, 2008, 02:48:26 PM

I have noticed that a certain IP address visits my email server via https. I allow https for webmail. I did a whois on it and it is a company called Netcraft Limited. Is this normal traffic? I am including the log file from my firewall thanks. I cannot seem to paste the image I wanted. However it is just showing the connect as well as the bytes sent and recieved.
(http://)
 whois 194.72.238.62
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '194.72.238.0 - 194.72.238.255'

inetnum:      194.72.238.0 - 194.72.238.255
netname:      BT-CUST-59
descr:        FTIP002746036 Netcraft Limited
country:      GB
admin-c:      MP1082-RIPE
tech-c:       MP1082-RIPE
status:       ASSIGNED PA
remarks:      Please send abuse notification to abuse@bt.net
mnt-by:       BTNET-MNT
mnt-lower:    BTNET-MNT
mnt-routes:   BTNET-MNT
source:       RIPE # Filtered

person:       Mike Prettejohn
address:      Netcraft Ltd
address:      Rockfield House
address:      Granville Road
address:      Bath
address:      GB
address:      BA1 9BQ
phone:        +44 1225 447500
fax-no:       +44 1225 448600
nic-hdl:      MP1082-RIPE
source:       RIPE # Filtered

% Information related to '194.72.0.0/14AS2856'

route:        194.72.0.0/14
descr:        BTnet
origin:       AS2856
mnt-by:       BTNET-MNT
source:       RIPE # Filtered

% Information related to '194.72.0.0/15AS2856'

route:        194.72.0.0/15
descr:        BTnet
origin:       AS2856
mnt-by:       BTNET-MNT
source:       RIPE # Filtered

% Information related to '194.72.0.0/16AS2856'

route:        194.72.0.0/16
descr:        BTnet
origin:       AS2856
mnt-by:       BTNET-MNT
source:       RIPE # Filtered

Title: Re: Security Concern
Post by: Stefano on December 30, 2008, 03:12:29 PM

hi

don't you know netcraft? :-)

btw, take a look here (http://toolbar.netcraft.com/site_report?url=http://bosch.netcraft.com) and, naturally, here (http://uptime.netcraft.com)

Ciao
Stefano

Title: Re: Security Concern
Post by: cyberwatcher on December 30, 2008, 03:34:33 PM

I did the research... I wanted verification though. Interesting.

Title: Re: Security Concern
Post by: byte on December 30, 2008, 05:59:11 PM

And as a very important note:

Don't report security issues here - Contact security [at] contribs [dot] [org]

Thanks.

Title: Re: Security Concern
Post by: cyberwatcher on December 30, 2008, 08:23:58 PM

Thanks for all your kind help guys.... I assumed the "General Discussion" section was the route to look for some technical input. You know, the one that says "and other topics that dont belong in the other forums".

none the less I will make sure and try not to bother next time.