Old 05-18-2009, 06:31 AM  
Kerberos Kerberos is offline
Chiefs Baby
 
 
Join Date: Jan 2004
Location: Henderson, NV
Casino cash: $5547
Tracking an IP to physical address

Ok

I am using IP Tracer to link an IP address to an area where port scans on my router are coming from. My router emails me a log every time it fills up with 200 denies of access that are logged. I have 8 full logs in the last 16 hours and 1 IP address in particular keeps coming up 95% of the time: 98.64.112.152. It is coming from somewhere in MIAMI.

I don't know about the rest of you but I average about 1 log a day to a day and a half on a pretty regular basis so YES this raised an eyebrow.

Could it be an infected computer that someone is launching their attack from? Maybe.

Has anyone ever looked into anything like this?

Yea I know I'm just being paranoid but better to be paranoid than relaxed about it IMO.

BTW another IP address that is there a lot in the last 10 hours is coming from BOSTON.... DAMN YOU CADMONKEY or AMNORIX. I really don't have anything on my PC you guys could actually want.

Problem is I don't know what I would do if I had an address and phone #.

Anyone else even give a flying rats ass if someone is running port scans at this rate on your router?



http://www.ip-adress.com/ip_tracer/98.64.112.152
Posts: 5,623
Old 05-18-2009, 07:40 AM   #2
jidar jidar is offline
MVP
 
 

Join Date: May 2005
Location: a
Casino cash: $5000
The only thing you can do is contact the ISP that owns the IP address and tell them that such-and-such IP is running a scanner. Do not expect them to bother with it right away and do not be surprised if they don't do anything at all. Telling an ISP admin that they have IPs scanning on the Internet is similar to telling a police officer that someone is jaywalking, it's just not that big of a deal and it's happening constantly anyway so it's hardly worth the effort to look into.
Posts: 5,502
Old 05-18-2009, 07:51 AM   #3
BigRedChief BigRedChief is offline
Brainwashed
 
 

Join Date: Dec 2003
Location: Swims with fishes
Casino cash: $19094
VARSITY
There are literally millions of bots running scripts out there trying to find holes in PCs. No biggie as long as you are set up right. Get yourself a firewall that doesn't return pings and they don't even know you exist on the internet superhighway.

open up a command line and type in:
netstat -a

That'll show you all active connections

type in
nbtstat /?
that'll show you all the different options to get the host name but since you don't have rights on the ISP's domain you won't get good results but your ISP will know who it is.

Free DNS stuff here:
http://www.dnsstuff.com/
__________________
If you don't have a seat at the table, you're probably on the menu
Posts: 44,927
Old 05-18-2009, 08:15 AM   #4
Kerberos Kerberos is offline
Chiefs Baby
 
 

Join Date: Jan 2004
Location: Henderson, NV
Casino cash: $5547
Quote:
Originally Posted by BigRedChief View Post
There are literally millions of bots running scripts out there trying to find holes in PCs. No biggie as long as you are set up right. Get yourself a firewall that doesn't return pings and they don't even know you exist on the internet superhighway.

open up a command line and type in:
netstat -a

That'll show you all active connections

type in
nbtstat /?
that'll show you all the different options to get the host name but since you don't have rights on the ISP's domain you won't get good results but your ISP will know who it is.

Free DNS stuff here:
http://www.dnsstuff.com/
I can shut pings off in the firewall but it also limits me on things I can do IIRC.
Posts: 5,623
Old 05-18-2009, 09:14 AM   #5
MIAdragon MIAdragon is offline
Someone pass the antifreeze
 
 

Join Date: Oct 2005
Location: Miami (North Cuba)
Casino cash: $8602
My bad.
__________________
Posts: 12,707
Old 05-18-2009, 09:35 AM   #6
htismaqe htismaqe is offline
What? What?
 
 

Join Date: Aug 2000
Location: Chiefsplanet
Casino cash: $8834
There's no way to trace an IP address to a physical address, whether you mean geographically or in terms of physical network address. There are invariably devices between you that obscure the physical address of the attacker.

Furthermore, it's possible those IP addresses are spoofed.
Posts: 61,900
Old 05-18-2009, 09:46 AM   #7
Fish Fish is online now
Missing Dick Curl
 
 

Join Date: Sep 2005
Casino cash: $11316
Don't worry about it. Chances are, the owner of the PC has no clue anyway.
__________________
Posts: 26,229
Old 05-18-2009, 09:53 AM   #8
htismaqe htismaqe is offline
What? What?
 
 

Join Date: Aug 2000
Location: Chiefsplanet
Casino cash: $8834
Quote:
Originally Posted by KC Fish View Post
Don't worry about it. Chances are, the owner of the PC has no clue anyway.
Right.
Posts: 61,900
Old 05-18-2009, 09:55 AM   #9
penguinz penguinz is offline
MVP
 
 

Join Date: Mar 2003
Casino cash: $40615
Quote:
Originally Posted by H1N1 View Post
I can shut pings off in the firewall but it also limits me on things I can do IIRC.
If this is really a concern then invest in a firewall that you can globally deny pings but have filters that allow ping from specified IPs.
__________________
http://blackoutsopa.com
Posts: 7,631
Old 05-18-2009, 09:57 AM   #10
Kerberos Kerberos is offline
Chiefs Baby
 
 

Join Date: Jan 2004
Location: Henderson, NV
Casino cash: $5547
Quote:
Originally Posted by KC Fish View Post
Don't worry about it. Chances are, the owner of the PC has no clue anyway.
Kind of what I figured is that someone is running a script through someone's infected PC to scan ports on random IP addresses. It's just weird that it hit "MY" public address and stopped for an extended visit trying every stinking port on my router.

I have logs that show the same addresses hitting a variety of ports but usually they hit a few and move on. I have never gotten this many logs that show ONE IP address that is hitting me nonstop.

Maybe it is someone I pissed off playing TFC online?
Posts: 5,623
Old 05-18-2009, 11:00 AM   #11
Kerberos Kerberos is offline
Chiefs Baby
 
 

Join Date: Jan 2004
Location: Henderson, NV
Casino cash: $5547
Quote:
Originally Posted by penguinz View Post
If this is really a concern then invest in a firewall that you can globally deny pings but have filters that allow ping from specified IPs.
Question

I've had to open ports on my router for STEAM online gaming. Will turning off global pings keep that from working right?
Posts: 5,623
Old 05-18-2009, 11:10 AM   #12
HC_Chief HC_Chief is offline
Get a life!
 
 

Join Date: Aug 2000
Location: NorCal
Casino cash: $6274
Quote:
Originally Posted by H1N1 View Post
Question

I've had to open ports on my router for STEAM online gaming. Will turning off global pings keep that from working right?
Pings use ICMP. Steam uses UDP and TCP. Steam should not require ICMP.
__________________
I'm mean because you're stupid.
Posts: 9,601
Old 05-18-2009, 11:11 AM   #13
Kerberos Kerberos is offline
Chiefs Baby
 
 

Join Date: Jan 2004
Location: Henderson, NV
Casino cash: $5547
Quote:
Originally Posted by HC_Chief View Post
Pings use ICMP. Steam uses UDP and TCP. Steam should not require ICMP.
Thanks Brah
Posts: 5,623
Old 05-18-2009, 12:07 PM   #14
mrbiggz mrbiggz is offline
Starter
 

Join Date: Aug 2003
Location: i travel
Casino cash: $5833
I know of a utility back in the early 00's that did what you described but am unable to find the name, but I was able to find http://www.geoiptool.com/ with a quick Google search.
Posts: 142
Old 05-18-2009, 12:17 PM   #15
Shag Shag is offline
Factory of Sadness
 

Join Date: Sep 2004
Location: Minneapolis, MN
Casino cash: $7626
Quote:
Originally Posted by H1N1 View Post
Kind of what I figured is that someone is running a script through someone's infected PC to scan ports on random IP addresses. It's just weird that it hit "MY" public address and stopped for an extended visit trying every stinking port on my router.

I have logs that show the same addresses hitting a variety of ports but usually they hit a few and move on. I have never gotten this many logs that show ONE IP address that is hitting me nonstop.

Maybe it is someone I pissed off playing TFC online?
That's just a port scan, and is very common on the internet. Most likely it was random - someone looking for machines listening on ports associated with vulnerable applications/services. I wouldn't sweat it.
Posts: 3,920
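
A way to check the pattern discussed in this thread (one source dominating a 200-entry deny log and trying port after port, versus sources that hit a few ports and move on), as an added example that is not part of any poster's message. The log line format, the addresses and the thresholds are constructed assumptions, since router log formats vary by vendor.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption; real router logs differ by vendor):
#   2009-05-18 06:00:00 DENY TCP 203.0.113.7:40000 -> 192.0.2.10:23
LINE_RE = re.compile(
    r"^\S+ \S+ DENY (?:TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+ -> \S+?:(?P<dport>\d+)$"
)

def summarize(lines):
    """Per source: deny count, distinct destination ports, share of the log."""
    stats = defaultdict(lambda: {"hits": 0, "ports": set()})
    total = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate junk or truncated entries
        total += 1
        stats[m["src"]]["hits"] += 1
        stats[m["src"]]["ports"].add(int(m["dport"]))
    for s in stats.values():
        s["share"] = s["hits"] / total
    return dict(stats)

def classify(s, port_threshold=20, share_threshold=0.5):
    """Thresholds are illustrative assumptions, not vendor guidance."""
    if len(s["ports"]) >= port_threshold and s["share"] >= share_threshold:
        return "sustained-scan"  # one source walking port after port
    if len(s["ports"]) <= 3:
        return "sweep"           # hits a few ports and moves on
    return "other"

def report(lines):
    """Rows of (src, hits, distinct_ports, share, label), busiest first."""
    rows = [(src, s["hits"], len(s["ports"]), round(s["share"], 3), classify(s))
            for src, s in summarize(lines).items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)

def build_sample():
    """Constructed 200-entry log: one source tries 190 ports, others a few."""
    fmt = "2009-05-18 06:00:00 DENY TCP {src}:40000 -> 192.0.2.10:{port}"
    lines = [fmt.format(src="203.0.113.7", port=p) for p in range(1, 191)]
    for src, ports in (("198.51.100.23", [135, 139, 445]),
                       ("198.51.100.99", [23, 23, 22]),
                       ("203.0.113.50", [80, 8080, 3389, 5900])):
        lines += [fmt.format(src=src, port=p) for p in ports]
    return lines + ["malformed entry"]

if __name__ == "__main__":
    for row in report(build_sample()):
        print("{:<15} hits={:<4} ports={:<4} share={:<6} {}".format(*row))
```

The per-source summary (hit count, distinct ports, time window) is also the evidence an ISP abuse desk would need if the source is reported.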