This may be a stretch (a large stretch), but someone could have planted something on your Windows box that is using pings as a covert channel (given that person has also taken control of the webserver that hosts transamericana.org and can watch the connection logs). Do you have a capture of the pings for someone to do a frequency analysis on?
Also, you may want to post a list of your currently running processes in hopes someone may spot something that looks wrong.

-Michael

On Sat, 29 Jan 2005 12:03:39 +0000, Antonio Henrique Oliveira <[EMAIL PROTECTED]> wrote:
> Gregh wrote:
> > ----- Original Message -----
> > From: "Antonio Henrique Oliveira" <[EMAIL PROTECTED]>
> > To: <[email protected]>
> > Sent: Saturday, January 29, 2005 9:46 PM
> > Subject: [Full-Disclosure] Transamericana.org
> >
> >
> >
> >>Dear all,
> >>
> >>Please excuse me if this is a bit off-topic, but since this is the only
> >>IT related mailing list I subscribe (apart from Secunia's) I decided to
> >>post here.
> >>
> >>From sometime ago (I cannot determine exactly when this started to
> >>happen), my workstation (WinXP SP2 PT, fully patched) has been sending
> >>out ping requests to www.transamericana.org when I login to the machine
> >>(right at the beginning of the login process, and only at that time).
> >>
> >
> >
> > Perchance is your DNS hosted there? Eg, your ISP's DNS servers?
> >
> > Greg.
> No. The Linux box runs bind for the internal (and external) networks and
> does direct queries to the root servers, not using our ISP's DNS. The
> internal network is configured with DHCP and the DNS server for all
> hosts is set to the linux box internal address. Also, my workstation
> (and there are 5 more) is the only one doing this.
>
> Regards,
> --
> Anto'nio Henrique A. Proenca de Oliveira
>
> "Although we can never go back, like an old sweet song with a strong
> refrain, memories remain" - (Someone)
>
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.fsf.org/philosophy/no-word-attachments.html
> $Id: .signature,v 1.3 2004/07/14 08:08:10 tat Exp tat $
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
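
A first pass at the frequency analysis requested in the reply above, as an added example that is not part of the original thread: it compares each echo request's data field with the 32-byte default that Windows ping.exe sends and measures how regular the spacing between requests is. It assumes the capture has already been reduced to (timestamp, payload) pairs for the one destination; the 0.2 s threshold, the function names and both sample captures are constructed for illustration.

```python
import math
import statistics
from collections import Counter

# Data field sent by Windows ping.exe by default (32 bytes).
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"
GAP_STDEV_LIMIT = 0.2  # seconds; assumed tolerance around ping.exe's ~1 s pacing

def shannon_entropy(data: bytes) -> float:
    """Entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def analyze_pings(records):
    """records: (timestamp_seconds, payload_bytes) per echo request, in capture order."""
    payloads = [p for _, p in records]
    times = [t for t, _ in records]
    gaps = [b - a for a, b in zip(times, times[1:])]
    # Population standard deviation of inter-request gaps; needs at least two gaps.
    gap_stdev = statistics.pstdev(gaps) if len(gaps) >= 2 else 0.0
    return {
        "nondefault_payloads": sum(p != WINDOWS_PING_PAYLOAD for p in payloads),
        "length_varies": len({len(p) for p in payloads}) > 1,
        "payload_entropy": shannon_entropy(b"".join(payloads)),
        "gap_stdev": gap_stdev,
        "timing_irregular": gap_stdev > GAP_STDEV_LIMIT,
    }

# Constructed sample captures (not taken from the thread).
BENIGN = [(0.00, WINDOWS_PING_PAYLOAD), (1.01, WINDOWS_PING_PAYLOAD),
          (2.00, WINDOWS_PING_PAYLOAD), (3.02, WINDOWS_PING_PAYLOAD)]
SUSPECT = [(t, bytes(range(i, 16 + 2 * i)))
           for i, t in enumerate([0.0, 0.2, 1.6, 1.8, 3.2])]

if __name__ == "__main__":
    for name, capture in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, analyze_pings(capture))
```

Default payloads at steady one-second spacing point to an ordinary ping invocation from some startup item, which is where the running-process list becomes the more useful lead.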
