弁財天

Goffman: "Do not trust the experts; think and judge for yourself."

ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System

alert:03/28-13:00:37.263492 [**] [1:2007695:19] ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 会社.47:50863 -> 150.70.74.55:80

Snort was firing a flood of alerts like this, so I looked up the IP addresses.

AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
16880   | 150.70.74.55     | 150.70.64.0/20      | JP | apnic    |            | AS2-TRENDMICRO-COM - TREND MICRO INCORPORATED,US

emerging-policy.rules
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System"; flow:established,to_server; content:"Windows 98"; fast_pattern:only; http_header; pcre:"/^User-Agent\x3a[^\n]+Windows 98/Hmi"; reference:url,doc.emergingthreats.net/bin/view/Main/Windows98UA; classtype:policy-violation; sid:2007695; rev:19;)
So it's this rule, then.

Windows 98 User-Agent
Whoa. So it really is spyware. And it's sending to Trend Micro, lol.
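An added triage helper, not code from the original post: it applies the rule's User-Agent PCRE to an HTTP header block, parses the Snort fast-log alert line quoted above, and joins the destination IP with the pipe-delimited whois record so an analyst can see at once whether the flagged destination sits in a known vendor's AS. The header block and the hostname example.invalid are constructed samples; the alert line and whois row are the ones on this page.

```python
import re
from typing import Optional

# The rule's PCRE: /^User-Agent\x3a[^\n]+Windows 98/Hmi
# H = HTTP header buffer, m = ^ matches at each line start, i = case-insensitive.
UA_RE = re.compile(r"^User-Agent\x3a[^\n]+Windows 98", re.MULTILINE | re.IGNORECASE)

# Snort fast-log alert line; the source address keeps the redacted "会社.47" form.
ALERT_RE = re.compile(
    r"\[1:(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) \[\*\*\].*?\{(?P<proto>\w+)\} "
    r"(?P<src>\S+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def matches_windows98_ua(http_headers: str) -> bool:
    """Apply the rule's User-Agent test to a raw HTTP request header block."""
    return UA_RE.search(http_headers) is not None

def parse_alert(line: str) -> Optional[dict]:
    """Extract sid/rev, message and the 5-tuple from one fast-log alert line."""
    m = ALERT_RE.search(line)
    return m.groupdict() if m else None

def parse_as_table(text: str) -> dict:
    """Parse 'AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name' rows into {ip: record}."""
    table = {}
    for row in text.splitlines():
        cells = [c.strip() for c in row.split("|")]
        if len(cells) != 7 or cells[0] == "AS":
            continue  # header row, blank line or a whois 'Warning:' line
        table[cells[1]] = {"asn": cells[0], "prefix": cells[2], "cc": cells[3], "as_name": cells[6]}
    return table

def triage(alert_line: str, as_table: dict) -> Optional[dict]:
    """Join an alert's destination IP with its AS record (None fields if not looked up)."""
    a = parse_alert(alert_line)
    if a is None:
        return None
    rec = as_table.get(a["dst"], {})
    return {"sid": a["sid"], "dst": a["dst"], "asn": rec.get("asn"), "as_name": rec.get("as_name")}

# Sample inputs: the alert line and whois row quoted in the post.
SAMPLE_ALERT = ("alert:03/28-13:00:37.263492 [**] [1:2007695:19] ET POLICY Windows 98 User-Agent Detected"
                " - Possible Malware or Non-Updated System [**] [Classification: Potential Corporate Privacy"
                " Violation] [Priority: 1] {TCP} 会社.47:50863 -> 150.70.74.55:80")
SAMPLE_WHOIS = ("AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name\n"
                "16880 | 150.70.74.55 | 150.70.64.0/20 | JP | apnic | | AS2-TRENDMICRO-COM - TREND MICRO INCORPORATED,US\n")
# Constructed header block (not captured traffic) carrying an old IE/Win98 UA string.
SAMPLE_HEADERS = ("GET /update HTTP/1.1\r\nHost: example.invalid\r\n"
                  "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)\r\n\r\n")
```

Note that the PCRE only fires when "Windows 98" is on the User-Agent line itself; the same string in another header does not match, which is what the `^User-Agent` anchor and `[^\n]+` enforce.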
