Page 3 of 5 FirstFirst 12345 LastLast
Results 31 to 45 of 66
  1. #31
    Joined
    Oct 2000
    Location
    Toronto, Ontario
    Posts
    213
    Originally posted by jaydee116
    Uh Oh!!! I think I did something wrong. I was going through the ZoneAlarm logs and see that @home security is also scanning me with 3 other IP's as well? Did I do something illegal? Why would they be doing this?

    I sent the security and e-mail asking what is up, but I doubt they will respond.
    I ususally get scanned by 24.0.0.203 about 3 times a day. What are the IPs for the other @home security?
    Also I've noticed that I've been hamered by a bunch of IPs, specifically 64.91.148.12 and 64.91.149.250. Using Neo trace I found that they were both associated with penn.com, which happens to be Earthlink. It's weird that Earthlink would hammer @home computers.

    GO CANADA

  2. #32
    Joined
    May 2000
    Location
    ?
    Posts
    1,848
    Five words:

    Cult Of The Dead Cow...

  3. #33
    Joined
    Jan 2001
    Age
    42
    Posts
    7,987
    Originally posted by hockeyfan


    I ususally get scanned by 24.0.0.203 about 3 times a day. What are the IPs for the other @home security?
    Also I've noticed that I've been hamered by a bunch of IPs, specifically 64.91.148.12 and 64.91.149.250. Using Neo trace I found that they were both associated with penn.com, which happens to be Earthlink. It's weird that Earthlink would hammer @home computers.
    Well I found out there are 2 others that give me the security deal, BUT those to were MY other 2 IP's. HEHE. I guess my own comps are causing a few hits a day?

    What the hell does this mean?:

    "The IP address you specified:


    192.168.11.236


    is an address on your local network.

    Certain IP addresses, like this one, have been designated by the Internet Assigned Numbers Authority (IANA) as "nonroutable" -- that means, they can't be used to send information between different networks. Instead, they are used within a single network. This means that a network administrator doesn't have to obtain unique IP addresses for all of the computers on the network. There can be hundreds, or thousands, of computers that all have the IP address 192.168.11.236. But if you send information to 192.168.11.236, it will only go to the computer on *your* network that has that address.

    The address ranges that have been designated by the IANA as private network address include:


    10.x.x.x
    172.16.0.0 - 172.31.255.255
    192.168.x.x


    where "x" can be any number between 0 and 255.

    If you do not have a local network, then this IP address may refer to one of your ISP's computers. If you do have a LAN, or if you are on a corporate LAN, and there is no computer on your LAN with this IP address, then if you receive an inbound alert that references this IP address it has probably been spoofed (faked). There is no way this IP address can refer to a real computer that is not on your local network."

    Last edited by jaydee116; 06-13-2001 at 10:25 AM.

  4. #34
    Joined
    May 2001
    Location
    Washington, DC
    Posts
    299
    Originally posted by hockeyfan


    I ususally get scanned by 24.0.0.203 about 3 times a day. What are the IPs for the other @home security?
    Also I've noticed that I've been hamered by a bunch of IPs, specifically 64.91.148.12 and 64.91.149.250. Using Neo trace I found that they were both associated with penn.com, which happens to be Earthlink. It's weird that Earthlink would hammer @home computers.
    One possible reason for your @Home account being scanned by Earthlink is this - some punk kid with an Earthlink dialup is scanning for always on broadband accounts to load his "zombie bots" onto so he can run his DDOS from your machine.

    Personally, I'm using Zonealarm firewall and since it stops / alerts you to both incoming and outgoing traffic, you can see if someone has managed to slip a trojan on your machine when it tries to "phone home" to its bot master.

    Whoever has broadband and hasn't yet read about this should definitely read up on this topic at www.grc.com

    Very informative.

    Plus, Steve is a totally straight shooter and doesn't pull punches (he's not being paid or sponsored by anybody *cough* Tom's Hardware *cough*).

    Whoever was talking up BlackIce Defender should read that. It wasn't until the most recent patch that BD even detected outgoing net calls. Thats not the firewall you want to be using. Zonealarm is in my experience the best software solution ... and its FREE!!! Heck with my Linksys router stealthing all my ports I still load the software firewall ... just to monitor outgoing port calls.

    Regards,

    - TM
    BTW: Neo net trace personal edition is free right now. I'd get a copy if I were interested / curious in tracking down destination IP addresses.
    HEATWARE: dvsman EBAY: dvsman

    My New Gaming Rig
    - Abit AN9 Fatal1ty Edition v.1.00 (Bios 11) w/ NForce 9.35
    - AMD64 x2 4200+ (AM2)
    - Thermaltake Golden Orb II CPU Cooler
    - RAIDMAX Volcano modular 630W PS
    - 4gb (4x1gb) DDR2 OCZ Platinum XTC PC2-6400 (800mhz)
    - 2x 256mb GeForce 7900 GT by MSI (in SLI) (Det. 91.47)
    - Acer AL2216W 22" LCD Monitor (1680x1080)
    - NEC ND-3550A DVD rewriter
    - Seagate 320gb, 16mb, 7,200rpm SATA 3.0
    - No Name Aluminum Case
    - Saitek Eclipse II keyboard
    - Razor Diamondback Chameleon mouse

  5. #35
    Joined
    Oct 2000
    Location
    Toronto, Ontario
    Posts
    213
    themaker: I use Zonealarm it works pretty good. The IP that is hammering my computer keeps changing each time I restart my computer, maybe you are right that someone is just searching for ports that are open. I've read the stuff on grc.com

    jaydee116: I have no clue what that means, but I'm guessing that someone in your local node with @home is port scanning your computer.

    GO CANADA

  6. #36
    Joined
    Jan 2001
    Age
    42
    Posts
    7,987
    Originally posted by hockeyfan
    themaker: I use Zonealarm it works pretty good. The IP that is hammering my computer keeps changing each time I restart my computer, maybe you are right that someone is just searching for ports that are open. I've read the stuff on grc.com

    jaydee116: I have no clue what that means, but I'm guessing that someone in your local node with @home is port scanning your computer.
    This IP didn't get scanned once in the last 6 hours, but the other that got hit with 600+ there for a few days got hit 27 times in the last 6 hours. Better anyway. I am not going to worry about it untill something happens because I think I have done about all I can do without getting my IP's changed.

    I like ZoneAlarm to BTW.

  7. #37
    Joined
    Dec 2000
    Posts
    5,051
    One reason its not a punk kid scanning your machine, is he is looking for an open port or a reporting port. Zone Alarm stealthes the port so it dosen't respond. Earthlink is probably scanning @home addresses to probe for zombies that seem to be prevelent on the @home network. Don't worry its a non-targeted probe, meaning the scan a range of addresses.

    Now if you feel like doing something to make yourself feel better, scan them right back. Does nothing but make you feel good, and probably scare a couple of there security guys as a computer with no open ports just scanned them.

  8. #38
    Joined
    Jan 2001
    Age
    42
    Posts
    7,987
    Originally posted by Bryan


    Now if you feel like doing something to make yourself feel better, scan them right back. Does nothing but make you feel good, and probably scare a couple of there security guys as a computer with no open ports just scanned them.
    Muhahahahaha!!!! I like the evilness. How do I scan them back BTW?

  9. #39
    Joined
    May 2000
    Posts
    1,646
    mooooo....

  10. #40
    Joined
    Jan 2001
    Age
    42
    Posts
    7,987

    Question

    Originally posted by spud
    mooooo....
    WTF? Is this a farm with cows now? hehe just kidding.

    What the hell is that supposed to mean though?

  11. #41
    Joined
    Feb 2001
    Posts
    18,901

    i have a linksys hub

    speeds are great through it. i spent the money and got extra ip address cause:

    a) i run win98se on one machine, win2k pro on my host machine

    b) i don't want to run a router and have to have my host turned on to use the other for internet, mail

    c) i don't mind spending the $5 and yes they will give you a different address.

  12. #42
    Joined
    Dec 2000
    Posts
    5,051
    At the very least get Zone Alarm my friend, I've seen too many people get burned (and bad.) by not having good protection. Black Ice Defender isn't an option, the dumb thing reports back to the scanner he has been blocked. The router is the best solution because the only thing they can touch is the router, and they can'y reach it because the ports don't report back.

    You need Port scanner to scan ports, just look around and if you do download something. Be sure to virus scan the bugger.
    Last edited by Bryan; 06-15-2001 at 05:57 AM.

  13. #43
    Joined
    Oct 2000
    Location
    Toronto, Ontario
    Posts
    213
    Originally posted by Bryan
    You need Port scanner to scan ports, just look around and if you do download something. Be sure to virus scan the bugger.
    I'm up for scanning. It is not illegal, is it?

    GO CANADA

  14. #44
    Joined
    Jan 2001
    Age
    42
    Posts
    7,987
    Originally posted by hockeyfan

    I'm up for scanning. It is not illegal, is it?
    I don't think so. Only if you use it to hack a computer I would think.

  15. #45
    Joined
    Jun 2001
    Location
    AZ
    Posts
    2,034
    OK, Why is everybody alway so misinformed about all this stuff? If you wanna mask your IP don't plan on getting on the internet or communicating with any other type of computer. This idea everybody is always talking about is like burying your house underground and telling somebody to go into your house. Now IP's are more than just an IP. it has a gazillion ports like doors and windows to your house off the same example as above. You can lock the doors and windows aka the ports of your IP and nobody can get in. Ports are what actually connect to IP's even a ping is done with ports. So you mask pings but we can still connect to you on any other plain.

    For you router guys, the reason nobody can see you is because you have a private IP not a public IP. You are running through NAT that translates your private IP to the public IP so you can get out. Anytime you see that your IP is 192.168.x.x or 10.x.x.x it is a private IP. They are reserved on the internet. This works like a firewall but better. Firewalls just hide the ports, NAT and a router makes it so even if they get onto a port it doesn't go anywhere. I wish i could think of some internet site for you to read about how IP's work to better explain than I want to on this.

    These zone alarm alerts are due to IP block scans. you just type in things like 212.154.29 and it scans all IP's below that looking for ports like 21 for FTP, when it finds them, it tries to log into them as a anony. If so it logs the IP and whoever had the IP block and port scanners scanning IP's for open ports can then connect with whatever protocal standard uses the specified port and do something. Basically if you have cable server. Everybody is going to scan you all day long due to popular IP blocks. Even if you have a router it is still getting scanned by these programs, just your router is getting scanned not your computer so you can take zone alarm off of yours if you have this config. you'll only see internal requests unless you setup the port routing to private IP from local computers if your worried about that. Mostly it's just waisting valuable resource space at that point. Have fun al, I hope you were able to understand kinda what i was saying. If your worried about security, get a router but you will lose other abilites by going private like MSN talk and other such things that require a direct public IP connection.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •