are you sure this isn't some "friend" who's yanking your chain ?
and gave this info:
arin says this:
quote:
Search results for: 209.214.105.3
OrgName: BellSouth.net Inc.
OrgID: BELL
NetRange: 209.214.0.0 - 209.215.255.255
CIDR: 209.214.0.0/15
NetName: BELLSNET-BLK4
NetHandle: NET-209-214-0-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: NS.BELLSOUTH.NET
NameServer: NS.ATL.BELLSOUTH.NET
NameServer: NS.MIA.BELLSOUTH.NET
NameServer: NS.RDU.BELLSOUTH.NET
Comment:
For Abuse Issues, email
abuse@bellsouth.net.
For Subpoena Issues, please email
ipadmin@bellsouth.net with "SUBPOENA" in the subject line.
RegDate: 1998-03-19
Updated: 2002-10-31
TechHandle: JG726-ARIN
TechName: Geurin, Joe
TechPhone: +1-404-499-5240
TechEmail:
ipadmin@bellsouth.net
AbuseHandle: ABUSE81-ARIN
AbuseName: Abuse Group
AbusePhone: +1-404-986-8151
AbuseEmail:
abuse@bellsouth.net
OrgAbuseHandle: ABUSE81-ARIN
OrgAbuseName: Abuse Group
OrgAbusePhone: +1-404-986-8151
OrgAbuseEmail:
abuse@bellsouth.net
OrgTechHandle: JG726-ARIN
OrgTechName: Geurin, Joe
OrgTechPhone: +1-404-499-5240
OrgTechEmail:
ipadmin@bellsouth.net
# ARIN Whois database, last updated 2003-02-04 20:00
# Enter ? for additional hints on searching ARIN's Whois database
----------------------------------------------------------------------------
uh.. this may be totally off the wall but do you know a David J Bush ?
http://www.littlegolem.net/jsp/info/....jsp?plid=1607
hehehe nah.. probably not.. wouldn't be that easy..
google doesn't show any results for twixter.net . it has 500 hits for twixter.. and arin doesn't have any record of twixter.. or twixter.net.
but if it's trying to call home.. my best guess is that you have a trojan/backdoor on your box.
acording to this port list at
http://www.bosconet.org/pjohnson/por...001to2500.html
it gives :
2491 tcp conclave-cpp Conclave CPP
2491 udp conclave-cpp Conclave CPP
but searching google for Conclave or Conclave CPP didn't turn up anything very enlightening