Bobboz

Web Server wants to connect with Fortressitx

I am using Comodo Internet Security Premium on a WinXP machine with Apache web server.
My web server has been up for 3 years.  Recently (within the last few months) I noticed that my server is constantly trying to contact IP 208.116.56.22.  This is the address of Fortressitx.  I have tried to discover why....but to no avail.
I have blocked and logged the attempts.  I made a few changes to the server and rebooted.  My software firewall logged 24 attempts blocked within three minutes.  Usually the attempts are made every 3 hours.
Even with the block----things seem to be working OK.
HELP ----- Bob
Corey Habbas

This is interesting.  What I would do is install a packet tracer and view the packets in detail that it is sending.  You can use Packetyzer or Wireshark, or your favorite.  This way you can drill down.  Did you run a netstat?  Which ports is it accessing?  Did you view all of your system logs, application, security, system?


I think a packet analyzer will help you in this scenario.  After you capture your packets, please tell us what you find.
Oops, I forgot to mention.  The packet analyzer will basically run on your machine and you will be able to see the packets that your web server is receiving.  It might be that you have already done this.
I would also look in detail at all files installed under your web server's directory.  Run a search inside each file and actually try to search for that IP address to see if any of your files on your sys or in your web server reference that ip address.  It's worth a shot anyway...
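One way to answer the netstat question above, as an added example that is not part of the original thread: it parses `netstat -ano` and `tasklist /fo csv /nh` output and names the process that owns each connection to 208.116.56.22. The sample output, ports, PIDs and process names are constructed for illustration.

```python
import csv
import io

TARGET_IP = "208.116.56.22"  # address from the question

# Constructed sample of `netstat -ano` output (ports and PIDs are made up).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.10:80        203.0.113.7:51544      ESTABLISHED     1480
  TCP    192.168.1.10:1187      208.116.56.22:80       SYN_SENT        912
  TCP    192.168.1.10:1188      208.116.56.221:80      ESTABLISHED     1480
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output; image names are placeholders.
TASKLIST_SAMPLE = '''\
"System","4","Console","0","236 K"
"firewall_agent.exe","912","Console","0","8,120 K"
"httpd.exe","1480","Console","0","14,508 K"
'''

def parse_netstat(text):
    """Yield (proto, remote endpoint, state, pid) for each netstat row."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skips the header and blank lines
        # UDP rows have no State column; the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        yield parts[0], parts[2], state, int(parts[-1])

def parse_tasklist(text):
    """Map PID -> image name from CSV tasklist output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def attribute(netstat_text, tasklist_text, ip):
    """Return {(pid, image name): {(proto, remote port, state)}} for one IP."""
    names = parse_tasklist(tasklist_text)
    found = {}
    for proto, remote, state, pid in parse_netstat(netstat_text):
        host, port = remote.rsplit(":", 1)
        # Exact match, so 208.116.56.221 is not mistaken for 208.116.56.22.
        if host == ip:
            key = (pid, names.get(pid, "<unknown>"))
            found.setdefault(key, set()).add((proto, port, state))
    return found

if __name__ == "__main__":
    print(attribute(NETSTAT_SAMPLE, TASKLIST_SAMPLE, TARGET_IP))
```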
Bobboz

ASKER

I am using wireshark - however - I am using filters to view packets.
I will turn off all filters and capture everything.
I must wait until it happens again.
I will send it when it happens.
Thanks.
Sounds good....Also another idea is, can you run an IDS like Snort and set up a rule for that IP?  This would also be a good way to get to the bottom of things.
ASKER CERTIFIED SOLUTION
Corey Habbas
Bobboz

ASKER

Looks like you got it.
I am using Comodo.
I got a question out to them asking if this is cloud stuff or what.
You were fast and accurate.
Thanks
Bob