Tracking an IP to physical address

[Kerberos]

Ok

I am using IP Tracer to link an IP address to an area where port scans on my router are coming from. My router emails me a log every time it fills up with 200 deny's of access that are logged. I have 8 full logs in the last 16 hours and 1 IP address in particular keeps coming up 95% of the time. 98.64.112.152 It is coming from somwhere in MIAMI

I don't know about the rest of you but I average about 1 log a day to a day and a half on a pretty regular basis so YES this raised an eyebrow.

Could it be an infected computer that someone is launching thier attack from? Maybe.

Has anyone ever looked into anything like this?

Yea I know I'm just being paranoid but better to be paranoid than relaxed about it IMO.

BTW another IP address that is there a lot in the last 10 hours is coming from BOSTON.... DAMN YOU CADMONKEY or AMNORIX. I really don't have anything on my PC you guys could actually want.

Problem is I don't know what I woluld do if I had an address and phone #.

Anyone else even give a flying rats ass if someone is running port scans at this rate on your router?



http://www.ip-adress.com/ip_tracer/98.64.112.152

[jidar]

The only thing you can do is contact the ISP that owns the IP address and tell them that such-and-such IP is running a scanner. Do not expect them to bother with it right away and do not be surprised if they don't do anything at all. Telling an ISP admin that they have IPs scanning on the Internet it similar to telling a police officer that someone is jaywalking, it's just not that big of a deal and it's happening constantly anyway so it's hardly worth the effort to look into.

[BigRedChief]

There are literally millions of bots running scripts out there trying to find holes in pc's. No biggie as long as you are set up right. Get yourself a firewall that doesn't return pings and they don't even know you exsist on the internet superhighway.

open up a command line and type in:
netstat -a

That'll show you all active connections

type in
nbtstat /?
that'll show you all the different options to get the host name but since you don't have rights on the ISP's domain you won't get good results but your ISP will know who it is.

Free DNS stuff here:
http://www.dnsstuff.com/

[Kerberos]

Quote:

Originally Posted by BigRedChief

There are literally millions of bots running scripts out there trying to find holes in pc's. No biggie as long as you are set up right. Get yourself a firewall that doesn't return pings and they don't even know you exsist on the internet superhighway.

open up a command line and type in:
netstat -a

That'll show you all active connections

type in
nbtstat /?
that'll show you all the different options to get the host name but since you don't have rights on the ISP's domain you won't get good results but your ISP will know who it is.

Free DNS stuff here:
http://www.dnsstuff.com/

I can shut pings off in the firewall but it also limits me on things I can do IIRC.

[MIAdragon]

My bad.

[htismaqe]

There's no way to trace an IP address to a physical address, whether you mean geographically or in terms of physical network address. There's invariably devices between you that obscure the physical address of the attacker.

Furthermore, it's possible those IP addresses are spoofed.

[Fish]

Don't worry about it. Chances are, the owner of the PC has no clue anyway.

[htismaqe]

Quote:

Originally Posted by KC Fish

Don't worry about it. Chances are, the owner of the PC has no clue anyway.

Right.

[penguinz]

Quote:

Originally Posted by H1N1

I can shut pings off in the firewall but it also limits me on things I can do IIRC.

If this is really a concern then invest in a firewall that you can globally deny pings but have filters that allow ping from specified IP's.

[Kerberos]

Quote:

Originally Posted by KC Fish

Don't worry about it. Chances are, the owner of the PC has no clue anyway.

Kind of what I figured is that someone is running a script through someones infected PC to scan ports on random IP addresses. It's just weird that it hit "MY" public address and stopped for an extended visit trying every stinking port on my router.

I have logs that show the same addresses hitting a variety of ports but usually they hit a few and move on. I have never gotten this many logs that show ONE IP address that is hitting me nonstop.

Maybe it is someone I pissed off playing TFC online?

[Kerberos]

Quote:

Originally Posted by penguinz

If this is really a concern then invest in a firewall that you can globally deny pings but have filters that allow ping from specified IP's.

Question

I've had to open ports on my router for STEAM online gaming. Will turning off global pings keep that from working right?

[HC_Chief]

Quote:

Originally Posted by H1N1

Question

I've had to open ports on my router for STEAM online gaming. Will turning off global pings keep that from working right?

Pings use ICMP. Steam uses UDP and TCP. Steam should not require ICMP.

[Kerberos]

Quote:

Originally Posted by HC_Chief

Pings use ICMP. Steam uses UDP and TCP. Steam should not require ICMP.

Thanks Brah

[mrbiggz]

I know of an utility back in the early 00's that did what you described but am unable to find the name, but I was able to find http://www.geoiptool.com/ with a quick google search.

[Shag]

Quote:

Originally Posted by H1N1

Kind of what I figured is that someone is running a script through someones infected PC to scan ports on random IP addresses. It's just weird that it hit "MY" public address and stopped for an extended visit trying every stinking port on my router.

I have logs that show the same addresses hitting a variety of ports but usually they hit a few and move on. I have never gotten this many logs that show ONE IP address that is hitting me nonstop.

Maybe it is someone I pissed off playing TFC online?

That's just a port scan, and is very common on the internet. Most likely it was random - someone looking for machines listening on ports associated with vulnerable applications/services. I wouldn't sweat it.