Strange behavior

Postby TwiddleDee » 07. January 2007 05:37

I did a 100% clean install on a new hd. Installed firewall. xampp next and other windows programs (unrelated to xampp). I hadn't used any part of xampp at all, other than installing it for a future project. A week or so later my firewall came on with a message that apache.exe was trying to access the internet to ip address 87.74.17.215
Which whois returned the following:
Status: connecting to whois server 'whois.arin.net'.
Status: sending query '87.74.17.215'.

--------------------------------------------------------------------------------

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 87.0.0.0 - 87.255.255.255
CIDR: 87.0.0.0/8
NetName: 87-RIPE
NetHandle: NET-87-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS.LACNIC.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2004-04-01
Updated: 2004-04-06

Can anyone explain why this would happen to restore my trust?
TwiddleDee
 
Posts: 3
Joined: 07. January 2007 05:12

Postby Izzy » 07. January 2007 07:56

My investigation of the IP reveals much more information about it including the apache version at the end of the chain.

http://70.84.211.98/co/DomainDossier.aspx
Type the IP in the text box and check all the boxes.

Reveals:
host-87-74-17-215.bulldogdsl.com = 87.74.17.215

http://87.74.17.215/ = http://bytefreq.com = Andrew Morgan = minkymorgan@hotmail.com

Apache is a server and listens on a port for a connection from the internet.

Do you know who is on the end of the above dsl address?

Check using the Task Manager if apache.exe is running.

Do you have another version of apache on your PC?

Have you checked for a virus or some other malware?
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06

Postby TwiddleDee » 08. January 2007 14:03

>My investigation of the IP reveals much more information about it including the apache version at the end of the chain.

>http://70.84.211.98/co/DomainDossier.aspx
>Type the IP in the text box and check all the boxes.

>Reveals:
>host-87-74-17-215.bulldogdsl.com = 87.74.17.215

>http://87.74.17.215/ = http://bytefreq.com = Andrew Morgan = minkymorgan@hotmail.com

>Apache is a server and listens on a port for a connection from the internet.
I realize that, my firewall reacts differently if it is inbound (I've been hit with port scanners in the past). This was clearly outbound.

>Do you know who is on the end of the above dsl address?
Unknown to me.

>Check using the Task Manager if apache.exe is running.
Currently not running, I keep it shut down till I figure out what's going on.

>Do you have another version of apache on your PC?
No, this was a clean install on a new HD.

>Have you checked for a virus or some other malware?
That was my first thought when the event happened and nothing was detected.

I believe I have found the culprit. Even though it might be a bit embarrassing, I really don't want this post to have others scratching their heads and wondering.

Since my original post I checked the log files (I love log files!) and have found entries to a program called "Limewire".

17 identical entries spanning 2 hours.

127.0.0.1 - - [04/Jan/2007:12:23:38 -0500] "GET /?client=LIME&version=4.12.6&urlfile=1 HTTP/1.1" 302 -

I'm assuming that ip address 87.74.17.215 has something to do with that nosey windows program.

It seems that someone in the family had downloaded, installed and un-installed a music sharing program to load up their Mp3 player that they got for Christmas! We will be having a talk.
TwiddleDee
 
Posts: 3
Joined: 07. January 2007 05:12
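
The log check described in the post above, as an added example that is not part of the original thread: it scans Apache access-log lines in Common Log Format for requests carrying `client=` and `version=` query parameters, like the LimeWire entry quoted above, and summarises them per source host. The function name `p2p_cache_requests` is hypothetical, and every sample line except the first is constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def p2p_cache_requests(lines):
    """Group requests whose query string has both client= and version=.

    Returns {(host, client, version): {"count", "first", "last", "statuses"}}.
    """
    hits = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "statuses": set()})
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # not a well-formed access-log line
        query = parse_qs(urlsplit(m["target"]).query)
        if "client" not in query or "version" not in query:
            continue  # ordinary request, no client/version pair
        when = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
        entry = hits[(m["host"], query["client"][0], query["version"][0])]
        entry["count"] += 1
        entry["statuses"].add(int(m["status"]))
        entry["first"] = when if entry["first"] is None else min(entry["first"], when)
        entry["last"] = when if entry["last"] is None else max(entry["last"], when)
    return dict(hits)

# First line is the entry quoted in the post; the rest are constructed samples.
SAMPLE_LOG = [
    '127.0.0.1 - - [04/Jan/2007:12:23:38 -0500] "GET /?client=LIME&version=4.12.6&urlfile=1 HTTP/1.1" 302 -',
    '127.0.0.1 - - [04/Jan/2007:12:40:02 -0500] "GET /xampp/index.php HTTP/1.1" 200 1234',
    '127.0.0.1 - - [04/Jan/2007:13:23:38 -0500] "GET /?client=LIME&version=4.12.6&urlfile=1 HTTP/1.1" 302 -',
    'truncated line without a request field',
    '127.0.0.1 - - [04/Jan/2007:14:23:38 -0500] "GET /?client=LIME&version=4.12.6&urlfile=1 HTTP/1.1" 302 -',
]

if __name__ == "__main__":
    for (host, client, version), e in p2p_cache_requests(SAMPLE_LOG).items():
        span = e["last"] - e["first"]
        print(f"{host} client={client} version={version} "
              f"count={e['count']} span={span} statuses={sorted(e['statuses'])}")
```
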

