Results 1 to 4 of 4

Thread: Suspicious connection under Vm Backtrack 4.0 to ip 91.189.94.4

  1. #1
    Just burned his ISO
    Join Date
    Oct 2010
    Posts
    1

    Exclamation Suspicious connection under Vm Backtrack 4.0 to ip 91.189.94.4

    I use Backtrack 4 final edition on a windows XP machine with Vmplayer and Comodo firewall.
    When starting the networking on VM Backtrack 4 a message from Comodo is displayed that Vmnat.exe is trying to connect to the following ip address 91.189.94.4. Searcing for this address i found the followings:

    Service is running on TCP port 22
    role: Canonical Ltd Admin
    address: 1 Circular Road
    address: Douglas
    address: Isle of Man
    address: IM1 1AF
    e-mail: hostmaster@canonical.com
    admin-c: LJ974-RIPE
    admin-c: JT2256-RIPE
    admin-c: NM1806-RIPE
    admin-c: CJ1182-RIPE
    admin-c: SS8542-RIPE
    tech-c: LJ974-RIPE
    tech-c: JT2256-RIPE
    tech-c: NM1806-RIPE
    tech-c: CJ1182-RIPE
    tech-c: SS8542-RIPE
    nic-hdl: CAN-RIPE
    mnt-by: CANONICAL-MNT
    source: RIPE

    Service reply: SSH-2.0-OpenSSH_4.7p1 Debian-12ubuntu1.CAT.8.04.1



    What is this ip address intented for and why VMNAT.exe is trying to connect on that ip address

  2. #2
    Junior Member
    Join Date
    Apr 2010
    Location
    Sweden
    Posts
    35

    Default Re: Suspicious connection under Vm Backtrack 4.0 to ip 91.189.94.4

    Try running netstat -napt in BT4 for more information. It will show what process created the connection. I'm guessing it's ntp. ntp.ubuntu.com resolves to 91.189.94.41.

  3. #3
    Member
    Join Date
    Dec 2007
    Location
    The Netherlands
    Posts
    267

    Default Re: Suspicious connection under Vm Backtrack 4.0 to ip 91.189.94.4

    Yeah, looks like it's just NTP (time synchronisation).

  4. #4
    Just burned his ISO h4ckn3t's Avatar
    Join Date
    Aug 2010
    Location
    WWW.H4CKN3T.COM
    Posts
    9

    Default Re: Suspicious connection under Vm Backtrack 4.0 to ip 91.189.94.4

    nslookup -a 91.189.94.4
    Name: europium.canonical.com
    Address: 91.189.94.4

Similar Threads

  1. Using Back|Track4 for Suspicious Activity Alarm
    By Jart44 in forum Beginners Forum
    Replies: 3
    Last Post: 07-13-2010, 11:18 PM
  2. Replies: 6
    Last Post: 03-17-2008, 01:10 AM
  3. Kismet "Suspicious Client" question
    By ac251404 in forum OLD Newbie Area
    Replies: 1
    Last Post: 01-02-2008, 02:42 PM
  4. backtrack 2 internet connection
    By sikkwidditt in forum OLD Newbie Area
    Replies: 2
    Last Post: 12-14-2007, 06:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •