Welcome, Guest. Please login or register.
November 21, 2024, 07:33:00 PM

Login with username, password and session length
* Home Help Arcade Login Register
.
+  Forum
|-+  NLG Members who host their own Repair Logs of Various Games.
| |-+  RickHunters Computer Help 101 (Moderator: rickhunter)
| | |-+  IP address 10.217.224.1
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: IP address 10.217.224.1  (Read 8666 times)
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« on: September 30, 2008, 08:19:24 PM »

My traffic log shows a constant polling from this address 10.217.224.1 - my ISP can supply no info - the trace goes nowhere - yet I am getting  polled every 5 secs - this has been going on for months. Google shows me nothing- my firewall does block it - but still would like to know what is going on. thanks.
Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #1 on: September 30, 2008, 08:19:40 PM »

My traffic log shows a constant polling from this address 10.217.224.1 - my ISP can supply no info - the trace goes nowhere - yet I am getting  polled every 5 secs - this has been going on for months. Google shows me nothing- my firewall does block it - but still would like to know what is going on. thanks.



Your WHOIS Search Results
10.217.224.1
Record Type:   IP Address

 
OrgName:    Internet Assigned Numbers Authority
OrgID:      IANA
Address:    4676 Admiralty Way, Suite 330
City:       Marina del Rey
StateProv:  CA
PostalCode: 90292-6695
Country:    US

NetRange:   10.0.0.0 - 10.255.255.255
CIDR:       10.0.0.0/8
NetName:    RESERVED-10
NetHandle:  NET-10-0-0-0-1
Parent:     
NetType:    IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment:    This block is reserved for special purposes.
Comment:    Please see RFC 1918 for additional information:
Comment:    http://www.arin.net/reference/rfc/rfc1918.txt
RegDate:   
Updated:    2007-11-27

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:   Internet Corporation for Assigned Names and Number
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName:   Internet Corporation for Assigned Names and Number
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  abuse@iana.org
 
 

Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #2 on: September 30, 2008, 08:19:53 PM »

Since it is supposed to be IANA reserved (anything w/ a 10 in the first Octal is a private network not to be issued to the general public)  It is more than likely someone acidently or purposfully hitting your network.  Small posibility that your provider is using that address for a router; it should not be originating traffic though.  You can either write to the abuse e-mail since that traffic should not see the light of day or call your provider to stop it further up.  All that being said; if your router firewall is catching it it should not be a big deal

http://en.wikipedia.org/wiki/Private_network

If you want to go really crazy you can read what they are sending you with a packet sniffer program. (Ethereal Network Analyzer or something like that)

- Brian

Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #3 on: September 30, 2008, 08:20:08 PM »

Google "BLACKHOLE-1.IANA.ORG" and get more confused.  yes Duh! arrow

Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #4 on: September 30, 2008, 08:20:28 PM »

I emailed and called and the answer was - basically none of my business. My firewall does not classify this one as a threat - and I do called polled by other ips as well - but this one every 5 secs does seem a bit strange. Thanks again.
Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #5 on: September 30, 2008, 08:21:33 PM »

Quote from: IANA Abuse FAQ
Q5: How busy are the blackhole servers?

A5: While rates vary, the blackhole servers generally answer thousands of queries per second. In the past couple of years the number of queries to the blackhole servers has increased dramatically. It is believed that the large majority of those queries occur because of "leakage" from intranets that are using the RFC 1918 private addresses. This can happen if the private intranet is internally using services that automatically do reverse queries, and the local DNS resolver needs to go outside the intranet to resolve these names. For well-configured intranets, this shouldn't happen. Users of private address space should have their local DNS configured to provide responses to inverse lookups in the private address space.

Did you call IANA or your ISP?

I suppose that if you are inside your ISP's firewall it might be allowed if the activity is being produced by the ISP, but then again, it might not. Even if it is your ISP's activity it doesn't seem to be best practice to hit their customers' assigned IPs every 5 seconds.

If you did not contact your ISP I would try that if you would still like to resolve the mystery/problem. They might have an internal issue that they are unaware of and that needs resolving.
Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #6 on: September 30, 2008, 08:21:57 PM »

I called and emailed my ISP and emailed the IANA abuse line - noone had an answer nor would take anytime to resolve. The only "hit" I found using google was some website (foreign) that had this IP address inbedded in some other issues obut did not mention it in conjunction with the issue they were discussing. I guess BLACKHOLE is just the way it is. No Harm - no Foul at this point.  Maybe most people don't look at their activity logs to see what their computer is up to.
Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #7 on: September 30, 2008, 08:22:09 PM »

You are being scanned.  The 10.x.x.x addresses are white papered to never be released as public addresses and are thus used for internal networks only (like the 192.168.x.x that all routers like to use).  If your log shows the IP as 10.x.x.x that means the person is purposely trying to hide his identity by spoofing his address.  Do you have a wireless network?  Has it been compromised before?
Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #8 on: September 30, 2008, 08:22:35 PM »

have not been hacked - I have had viruses along time ago when they becoame a daily occurance. I have changed ISPs in the past 2 months - so this would not apply as my address would have changed.
Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #9 on: September 30, 2008, 08:22:53 PM »

Do you have more than 1 computer on your local network?  It's been my experience that the polling activity comes from a bot that is advertising.  I'm just curious if you have more than 1 machine, maybe you should shut down the machine you use normally for a few days and only use the secondary one to see if the polling stops.  Do you have a static IP?
Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #10 on: September 30, 2008, 08:23:11 PM »

sorry - just the one machine - used to have DSL - now Road Runner. Never was on any network. Really strange for a hacker to be that persistant - 24/7 every 5 secs.
Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #11 on: September 30, 2008, 08:24:16 PM »

Is roadrunner cable?  If so, that might be why you are being targeted. 
Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #12 on: September 30, 2008, 08:24:30 PM »

Is roadrunner cable?  If so, that might be why you are being targeted. 

Why is that Rick?

I also have roadrunner so I'm interested.
Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #13 on: September 30, 2008, 08:24:52 PM »

Cable service is shared amongst the subscribers in your immediate neighborhood.  Since it's pretty much a splitted signal, someone can just snoop his cable line for other traffic to see what is going on.  I can put a computer running a sniffer program to monitor network activity for everyone who has cable service and who shares the cable signal with me.  Unlike DSL, where there's a unique line that goes all the way to the central office, cable internet has one long and very thick cable to a distribution center for your neighborhood which then is split up to the individual boxes that typically serve a group of homes.  It's the run between your house and your neighborhood distribution center that is shared amongst all of your neighbors.  Does this make sense to you?  There's nothing "wrong" with the setup, it's just the nature of the beast.  It is specially important for people in Cable lines to make sure that anytime you put Soc Sec #'s, Credit Cards and any other private info, that whichever way you send the information, it's encrypted be it SSL or any other strong encryption method.  If you have a bad apple sharing your cable line, he can just have a computer monitoring traffic and thus filtering info for things that look like CC #'s, bank accounts, etc.  Not very nice at all.

foxslots, does your router/firewall report what ports are being polled for activity?
Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #14 on: September 30, 2008, 08:25:20 PM »

If you get headaches easiliy from reading techie stuff then stop now.

OK... you've been warned!

If you are ever bored or battling insomnia Google for RFC 1918. The RFC is a "Request for Comments" and #1918 discusses private reserved IP addresses.

IP Addresses in the 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255 ranges are privately allocated addresses. These are not routable on the internet.

Now your big ISPs will use them on the customer side then have a huge proxy server or other device to translate those private addresses they give you into publicly routable addresses. What you are seeing is either some other subscriber on the cable network OR a machine owned by the cable network company. Yes, it is probably an infected machine trying to connect to your PC.

If you are seeing ICMP traffic (also known as 'ping' traffic) to your PC and your PC's firewall is set to not respond then that's all you'll see. If your PC responds to the ping then you'll usually see another connection attempt to your PC on a common communications port (80 for www, 21 for ftp, 135-139 for Windows old style authentication, 445 for Windows authentication, etc...) in an attempt to hijack your machine.

That is what bots do. They scan for other machines to exploit and infect.

How do they do this? By taking advantage of a security hole in your machine. You ever hear of a 'buffer overflow'? This is an easy way to break into a machine.

Wait. I have a firewall. OH? Big deal if it's a software firewall. They have bugs that can be exploited too. Oh, and your machine could still be exploited by a bot even if you have a software firewall. This is why hardware firewalls are much better to have.

Any connection to the internet will get hit by these bot scans. If you have broadband then you'll just get hit faster and more often. Patch your machine's OS, patch the applications, and put a hardware firewall up. With the hardware firewall up your PC will not even see that scanning traffic anymore. That hardware firewall will simply block it and save the precious CPU cycles on your PC. Wink

RJ
Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #15 on: September 30, 2008, 08:26:30 PM »

the port local 68 - the protocol is UDP. Roadrunner is Cable.  I do get THREATS caught by my firewall on RARE occasions - do not understand or want to know what the differences are - all I know is I am getting EXTREME activity from one source.
other IP trying to access
59.63.25.161   another IANA
222.151.2.46   ditto
221.208.208.97 ditto
202.97.238.202  ditto
  When you do a backtrace - does that signal go back to the originator? do they get a hit on their logs?
Logged

Keep it simple!!!
SAT (aka GANDHI)
Contributing Gold NLG Member
Sr.NLG Member 501 to 1000 Post
*

Total Karma Storms: 224
Offline Offline

Gender: Male
Posts: 807



« Reply #16 on: September 30, 2008, 08:27:07 PM »

port 68 is dhcp client request.  These are machines looking to get an ip address from a server.  I would think that would be "normal" activity on a cable network, as I'm sure people's computers are asking for IP's as they turn them on.
Logged

Keep it simple!!!
Pages: [1] Go Up Print 
« previous next »
Jump to:  


If you find this site helpful, Please Consider Making a small donation to help defray the cost of hosting and bandwidth.



Newlifegames.com    Newlifegames.net    Newlifegames.org
   New Life Games    NewLifeGames  NLG  We Bring new Life to old Games    1-888-NLG-SLOTS
Are all Copyright and Trademarks of New Life Games LLC 1992 - 2021


FAIR USE NOTICE:

This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner.
We make such material available in an effort to advance awareness and understanding of the issues involved.
We believe this constitutes a fair use of any such copyrighted material as provided for in section 107 of the US Copyright Law.
In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those
who have expressed a prior interest in receiving the included information for research and educational purposes.

For more information please visit: http://www.law.cornell.edu/uscode/17/107.shtml.

If you wish to use copyrighted material from this site for purposes of your own that go beyond fair use,
you must obtain permission directly from the copyright owner.

NewLifeGames.net Web-Site is optimized for use with Fire-Fox and a minimum screen resolution of 1280x768 pixels.


Powered by SMF 1.1.20 | SMF © 2013, Simple Machines
Loon Designed by Mystica
Updated by Runic Warrior
Page created in 0.103 seconds with 19 queries.