Odd IP. - Firewalls


  1. Odd IP.

    A couple of days ago I found this in my router's log; there is nothing
    peculiar or alarming about it.
    But when I tried to look up the IP, all the services I have used so far
    say the IP doesn't exist.

    -------------------------------
    Thursday May 03, 2007 13:08:54 Unrecognized attempt blocked from
    218.150.110.9:2270 to 83.252.171.112 TCP:3128
    Thursday May 03, 2007 13:09:15 Unrecognized attempt blocked from
    218.150.110.9:2328 to 83.252.171.112 TCP:6588
    Thursday May 03, 2007 13:08:33 Unrecognized attempt blocked from
    218.150.110.9:2217 to 83.252.171.112 TCP:8080
    -------------------------------

    A traceroute tells me that the IP is in use and is responding.

    -------------------------------
    :~$ traceroute 218.150.110.9
    traceroute to 218.150.110.9 (218.150.110.9), 30 hops max, 40 byte packets
    1 ipcop.ajjas.localdomain (192.168.xx.xx) 2.049 ms 0.509 ms 0.450 ms
    *
    * Snipped it down a little
    *
    27 218.150.110.9 (218.150.110.9) 358.686 ms 364.649 ms 382.702 ms
    -------------------------------

    Is there any way to find out more on this IP '218.150.110.9'?

    /Anders

  2. Re: Odd IP.

    Anders wrote:


    > Is there any way to find out more on this IP '218.150.110.9'?


    I really wonder... you know 'traceroute', but you don't know 'whois'?

    Besides that, why should you care? Obviously some dude thought you have an
    HTTP proxy running, probably due to some stupid proxy list entry.
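
The pattern described in this reply, one source trying several well-known proxy ports within a minute, can be picked out of such a router log automatically. The following is an added example, not code from any poster in the thread; the port list and the thresholds are assumptions, and the last sample line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Ports that open-proxy scanners commonly probe (assumed list, not from the thread).
PROXY_PORTS = {1080: "SOCKS", 3128: "Squid", 6588: "AnalogX", 8080: "HTTP proxy"}

LINE_RE = re.compile(
    r"(?P<ts>\w+ \w+ \d{2}, \d{4} \d{2}:\d{2}:\d{2}) Unrecognized attempt blocked "
    r"from (?P<src>[\d.]+):\d+ to [\d.]+ (?:TCP|UDP):(?P<dport>\d+)"
)

# First three entries: the lines posted in the thread, each re-joined onto one line.
# Last entry: constructed, a single non-proxy hit that must not be flagged.
SAMPLE_LOG = [
    "Thursday May 03, 2007 13:08:54 Unrecognized attempt blocked from 218.150.110.9:2270 to 83.252.171.112 TCP:3128",
    "Thursday May 03, 2007 13:09:15 Unrecognized attempt blocked from 218.150.110.9:2328 to 83.252.171.112 TCP:6588",
    "Thursday May 03, 2007 13:08:33 Unrecognized attempt blocked from 218.150.110.9:2217 to 83.252.171.112 TCP:8080",
    "Thursday May 03, 2007 13:10:02 Unrecognized attempt blocked from 192.0.2.10:40112 to 83.252.171.112 TCP:22",
]

def parse(line):
    """Return (timestamp, source IP, destination port), or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%A %B %d, %Y %H:%M:%S")
    return ts, m["src"], int(m["dport"])

def find_proxy_probes(lines, min_ports=2, window=timedelta(minutes=5)):
    """Flag sources that hit >= min_ports distinct proxy ports, all within `window`."""
    hits = defaultdict(list)
    for ts, src, dport in filter(None, map(parse, lines)):
        if dport in PROXY_PORTS:
            hits[src].append((ts, dport))
    flagged = {}
    for src, events in hits.items():
        events.sort()  # the router did not log these entries in time order
        span = events[-1][0] - events[0][0]
        ports = sorted({port for _, port in events})
        if len(ports) >= min_ports and span <= window:
            flagged[src] = ports
    return flagged

if __name__ == "__main__":
    for src, ports in find_proxy_probes(SAMPLE_LOG).items():
        print(src, ", ".join(f"{p} ({PROXY_PORTS[p]})" for p in ports))
```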

  3. Re: Odd IP.

    Sebastian G. wrote:

    > I really wonder... you know 'traceroute', but you don't know 'whois'?



    Just for you Sebastian, so that you can see for yourself.

    http://ws.arin.net/cgi-bin/whois.pl :
    -----------------------------------
    NetRange: 218.0.0.0 - 218.255.255.255
    CIDR: 218.0.0.0/8
    NetName: APNIC4
    NetHandle: NET-218-0-0-0-1
    Parent:
    NetType: Allocated to APNIC
    NameServer: NS1.APNIC.NET
    NameServer: NS3.APNIC.NET
    NameServer: NS4.APNIC.NET
    NameServer: NS-SEC.RIPE.NET
    NameServer: TINNIE.ARIN.NET
    Comment: This IP address range is not registered in the ARIN database.
    Comment: For details, refer to the APNIC Whois Database via
    Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
    Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
    Comment: for the Asia Pacific region. APNIC does not operate networks
    Comment: using this IP address range and is not able to investigate
    Comment: spam or abuse reports relating to these addresses. For more
    Comment: help, refer to http://www.apnic.net/info/faq/abuse
    Comment:
    RegDate: 2000-12-07
    Updated: 2005-05-20
    -----------------------------------------

    http://www.ripe.net/whois?form_type=simple&full_query_string=&searchtext=218.150.110.9&do_search=Search

    ---------------------------------------
    inetnum: 0.0.0.0 - 255.255.255.255
    netname: IANA-BLK
    descr: The whole IPv4 address space
    country: EU # Country is really world wide
    org: ORG-IANA1-RIPE
    admin-c: IANA1-RIPE
    tech-c: IANA1-RIPE
    status: ALLOCATED UNSPECIFIED "status:" definitions
    remarks: The country is really worldwide.
    remarks: This address space is assigned at various other places in
    remarks: the world and might therefore not be in the RIPE database.
    mnt-by: RIPE-NCC-HM-MNT
    mnt-lower: RIPE-NCC-HM-MNT
    mnt-routes: RIPE-NCC-RPS-MNT
    source: RIPE # Filtered

    --------------------------------------

    http://wq.apnic.net/apnic-bin/whois.pl/

    -------------------------------------
    %ERROR:101: no entries found
    %
    % No entries found in the selected source(s).
    -----------------------------------------

    I'm just a little curious.

    /Anders

  4. Re: Odd IP.

    On Fri, 04 May 2007 22:23:04 GMT, Anders wrote:

    > Sebastian G. wrote:
    >
    >> I really wonder... you know 'traceroute', but you don't know 'whois'?

    >
    > Just for you Sebastian, so that you can see for yourself.
    >
    > http://ws.arin.net/cgi-bin/whois.pl :


    Just for you Anders

    inetnum: 218.144.0.0 - 218.159.255.255
    netname: KORNET
    descr: KOREA TELECOM
    descr: Network Management Center
    country: KR
    admin-c: DL248-AP
    tech-c: GK40-AP
    remarks: ***********************************************
    remarks: KRNIC of NIDA is the National Internet Registry
    remarks: in Korea under APNIC. If you would like to
    remarks: find assignment information in detail
    remarks: please refer to the NIDA Whois DB
    remarks: http://whois.nida.or.kr/english/index.html
    remarks: ***********************************************
    mnt-by: MNT-KRNIC-AP
    mnt-lower: MNT-KRNIC-AP
    changed: hostmaster@apnic.net 20010924
    status: ALLOCATED PORTABLE
    changed: hm-changed@apnic.net 20041007
    source: APNIC

    person: Dong-Joo Lee
    address: 128-9 Yeong-Dong Jongro-Ku Seoul
    address: Network Management Center
    country: KR
    phone: +82-2-766-1407
    fax-no: +82-2-766-6008
    e-mail: ip@krnic.kornet.net
    e-mail: abuse@kornet.net
    nic-hdl: DL248-AP
    mnt-by: MAINT-NEW
    changed: hostmaster@nic.or.kr 20061010
    source: APNIC

    person: Gyung-Jun Kim
    address: KORNET
    address: 128-9, Yeong-Dong, Jongro-Ku
    address: SEOUL
    address: 110-763
    country: KR
    phone: +82-2-747-9213
    fax-no: +82-2-3673-5452
    e-mail: ip@krnic.kornet.net
    e-mail: abuse@kornet.net
    nic-hdl: GK40-AP
    mnt-by: MNT-KRNIC-AP
    changed: hostmaster@nic.or.kr 20061009
    source: APNIC

    inetnum: 218.150.110.9 - 218.150.110.9
    netname: KORNET-10133436260-KR
    descr: DAEJEON Metropolitan City
    country: KR
    admin-c: IM0148839-KR
    tech-c: IM0148839-KR
    remarks: This IP address space has been allocated to KRNIC.
    remarks: For more information, using KRNIC Whois Database
    remarks: whois -h whois.nic.or.kr
    mnt-by: MNT-KRNIC-AP
    remarks: This information has been partially mirrored by APNIC from
    remarks: KRNIC. To obtain more specific information, please use the
    remarks: KRNIC whois server at whois.krnic.net.
    changed: hostmaster@nic.or.kr
    source: KRNIC

    And

    218.150.110.9 is listed as an open proxy in dnsbl.njabl.org.

    218.150.110.9 is listed in blackholes.njabl.org: Korea blocked by
    korea.blackholes.us

    218.150.110.9 has no PTR

    It was added to the list: Sat Aug 20 21:34:16 2005 EST

  5. Re: Odd IP.

    Slarty wrote:
    > On Fri, 04 May 2007 22:23:04 GMT, Anders wrote:
    >
    >> Sebastian G. wrote:
    >>
    >>> I really wonder... you know 'traceroute', but you don't know 'whois'?

    >> Just for you Sebastian, so that you can see for yourself.
    >>
    >> http://ws.arin.net/cgi-bin/whois.pl :

    >
    > inetnum: 218.150.110.9 - 218.150.110.9
    > netname: KORNET-10133436260-KR
    > descr: DAEJEON Metropolitan City
    > country: KR
    > admin-c: IM0148839-KR
    > tech-c: IM0148839-KR
    > remarks: This IP address space has been allocated to KRNIC.
    > remarks: For more information, using KRNIC Whois Database
    > remarks: whois -h whois.nic.or.kr
    > mnt-by: MNT-KRNIC-AP
    > remarks: This information has been partially mirrored by APNIC from
    > remarks: KRNIC. To obtain more specific information, please use the
    > remarks: KRNIC whois server at whois.krnic.net.
    > changed: hostmaster@nic.or.kr
    > source: KRNIC


    And if you check the Korean whois you get even more details: (I just
    copy the English information here and not the Korean ;-)

    If you want to complain there are a few e-mail addresses listed.

    Gerald

    ----------- snip

    # ENGLISH

    KRNIC is not an ISP but a National Internet Registry similar to APNIC.
    The followings is organization information that is using the IPv4 address.

    IPv4 Address : 218.150.110.9-218.150.110.9
    Network Name : KORNET-10133436260
    Connect ISP Name : KORNET
    Registration Date : 20060405
    Publishes : N

    [ Organization Information ]
    Organization ID : ORG556593
    Org Name : DAEJEON Metropolitan City
    Address : Yucheon-dong, Jung-gu
    Zip Code : 301140

    [ Technical Contact Information ]
    Org Name : DAEJEON Metropolitan City
    Address : Yucheon-dong, Jung-gu
    Zip Code : 301140
    E-Mail : ip@krnic.kornet.net

    --------------------------------------------------------------------------------

    If the above contacts are not reachable, please contact following ISP
    for further information.

    [ ISP IPv4 Admin Contact Information ]
    Name : IP Administrator
    Phone : +82-2-3674-5708
    E-Mail : ip@krnic.kornet.net

    [ ISP IPv4 Tech Contact Information ]
    Name : IP Manager
    Phone : +82-2-3674-5708
    E-Mail : ip@krnic.kornet.net

    [ ISP Network Abuse Contact Information ]
    Name : Network Abuse
    Phone : +82-2-100-0000
    E-Mail : abuse@kornet.net
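
The lookups in this thread form a referral chain: ARIN points to APNIC, and the APNIC record points to the KRNIC whois server, which holds the assignment details. The following is an added example, not code from any poster; it assumes the registries' port-43 whois servers instead of the web forms used above, finds the next server with a simple heuristic on `Comment:`/`remarks:` lines, and runs offline against short excerpts of the records quoted in the thread.

```python
import re
import socket

# Host names of the form whois.<domain> mentioned in a registry response.
REFERRAL_RE = re.compile(r"\bwhois\.[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)

def query_whois(server, query, timeout=10):
    """Plain RFC 3912 whois: send the query on TCP/43, read until the server closes."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(query.encode() + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def next_server(response, visited):
    """First whois host named in a Comment:/remarks: line that was not asked yet."""
    for line in response.splitlines():
        if line.lower().startswith(("comment:", "remarks:")):
            for host in REFERRAL_RE.findall(line):
                if host.lower() not in visited:
                    return host.lower()
    return None

def follow_referrals(ip, start="whois.arin.net", query=query_whois, max_hops=5):
    """Return (servers asked in order, last response); stops on loops or max_hops."""
    chain, server, visited, response = [], start, set(), ""
    while server and len(chain) < max_hops:
        visited.add(server)
        response = query(server, ip)
        chain.append(server)
        server = next_server(response, visited)
    return chain, response

# Canned responses: excerpts of the records quoted in the thread (offline stand-in).
CANNED = {
    "whois.arin.net": "NetType: Allocated to APNIC\n"
        "Comment: For details, refer to the APNIC Whois Database via\n"
        "Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl\n",
    "whois.apnic.net": "inetnum: 218.150.110.9 - 218.150.110.9\n"
        "netname: KORNET-10133436260-KR\n"
        "remarks: whois -h whois.nic.or.kr\n",
    "whois.nic.or.kr": "IPv4 Address : 218.150.110.9-218.150.110.9\n"
        "Org Name : DAEJEON Metropolitan City\n",
}

def offline_query(server, ip):
    return CANNED[server]
```

Call `follow_referrals("218.150.110.9", query=offline_query)` to replay the chain from the thread; leaving out `query` sends real whois queries.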




  6. Re: Odd IP.

    Gerald Vogt wrote:

    > If you want to complain there are a few e-mail addresses listed. [Some
    > addresses in Korea]


    Abuse departments do not exist in Korea.

    Of course there is nothing wrong with publishing those whois entries on usenet to
    make sure that Korean administrators receive the latest information about
    p*nis enlargement, cheap pills and penny stocks.



    Wolfgang

  7. Re: Odd IP.

    Gerald Vogt wrote:
    > Slarty wrote:


    OK, Korea, that is in Asia, but when I did the traceroute the first 12
    jumps were in Sweden, the next 3 jumps were in Holland and then there are
    5 jumps in the US; all these jumps tell me nicely who they are, but then
    there are 7 jumps that only give away the IPs, including 218.150.110.9.

    So my conclusion was that it was some machine in the US or
    North/South America, not on the other side of the world, and when I did
    a whois on the IP from my own little prog it just closed down the
    connection without any info.

    That it could be an IP from Korea never came to my mind; I figured it
    could rather be some unregistered spammer in the US. ;-)

    Thanks for the info.

    /Anders

  8. Re: Odd IP.

    Anders wrote:
    > OK, Korea, that is in Asia, but when I did the traceroute the first 12
    > jumps were in Sweden, the next 3 jumps were in Holland and then there are
    > 5 jumps in the US; all these jumps tell me nicely who they are, but then
    > there are 7 jumps that only give away the IPs, including 218.150.110.9.
    >
    > So my conclusion was that it was some machine in the US or
    > North/South America, not on the other side of the world, and when I did
    > a whois on the IP from my own little prog it just closed down the
    > connection without any info.


    Very much traffic still goes through the U.S. Many connections from Asia
    to Europe go through the U.S. I suppose this is because many people
    still use servers in the U.S. and they have enough bandwidth. And maybe
    it makes it easier for the U.S. to tap world-wide internet traffic...

    Gerald

  9. Re: Odd IP.

    On May 4, 3:34 pm, Anders wrote:
    > A couple of days ago I found this in my router's log; there is nothing
    > peculiar or alarming about it.
    > But when I tried to look up the IP, all the services I have used so far
    > say the IP doesn't exist.
    >
    > -------------------------------
    > Thursday May 03, 2007 13:08:54 Unrecognized attempt blocked from
    > 218.150.110.9:2270 to 83.252.171.112 TCP:3128
    > Thursday May 03, 2007 13:09:15 Unrecognized attempt blocked from
    > 218.150.110.9:2328 to 83.252.171.112 TCP:6588
    > Thursday May 03, 2007 13:08:33 Unrecognized attempt blocked from
    > 218.150.110.9:2217 to 83.252.171.112 TCP:8080
    > -------------------------------
    >
    > A traceroute tells me that the IP is in use and is responding.
    >
    > -------------------------------
    > :~$ traceroute 218.150.110.9
    > traceroute to 218.150.110.9 (218.150.110.9), 30 hops max, 40 byte packets
    > 1 ipcop.ajjas.localdomain (192.168.xx.xx) 2.049 ms 0.509 ms 0.450 ms
    > *
    > * Snipped it down a little
    > *
    > 27 218.150.110.9 (218.150.110.9) 358.686 ms 364.649 ms 382.702 ms
    > -------------------------------
    >
    > Is there any way to find out more on this IP '218.150.110.9'?
    >
    > /Anders


    Try using www.dnsstuff.com. They have some useful tools.


  10. Re: Odd IP.

    Gerald Vogt wrote:

    > Very much traffic still goes through the U.S. Many connections from
    > Asia to Europe go through the U.S. I suppose this is because many
    > people still use servers in the U.S. and they have enough bandwidth.
    > And maybe it makes it easier for the U.S. to tap world-wide internet
    > traffic...


    Actually I think it's more due to the fact that there are lots of trans-
    atlantic lines, lots of trans-pacific lines, but not all that many
    direct Europe-Asia lines.

    A couple of months ago a new fiberoptic line from Europe 'round Africa,
    through the Indian Ocean and into Singapore was finished, but I don't
    know if it's in use already.

    Juergen Nieveler
    --
    What do you mean? You actually read this Tagline?!?
