Port Scanning, or Worm ? (from 72.172.*.*) some.ip.in-addr.arpa ? - TCP-IP

This is a discussion on Port Scanning, or Worm ? (from 72.172.*.*) some.ip.in-addr.arpa ? - TCP-IP ; Hello, My computer is receiving many TCP connection (attempts?) from the following IP Addressess: 72.172.89.141 72.172.89.142 72.172.89.143 72.172.89.144 72.172.89.145 72.172.89.147 72.172.89.149 72.172.89.150 72.172.89.151 72.172.89.etc Then continues at: 72.172.90.117 72.172.90.118 72.172.90.etc 72.172.91.etc I have blocked communication with subnet 72.172.*.* out of ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Port Scanning, or Worm ? (from 72.172.*.*) some.ip.in-addr.arpa ?

  1. Port Scanning, or Worm ? (from 72.172.*.*) some.ip.in-addr.arpa ?

    Hello,

    My computer is receiving many TCP connection (attempts?) from the following
    IP Addressess:

    72.172.89.141
    72.172.89.142
    72.172.89.143
    72.172.89.144
    72.172.89.145
    72.172.89.147
    72.172.89.149
    72.172.89.150
    72.172.89.151
    72.172.89.etc

    Then continues at:
    72.172.90.117
    72.172.90.118
    72.172.90.etc

    72.172.91.etc

    I have blocked communication with subnet 72.172.*.* out of precaution just
    in case
    (My computer is still receiving from the subnet but it won't send any more
    resets back )

    Seems like a military subnet ?

    Or maybe it's an IPv6 related subnet ?

    Bye,
    Skybuck.



  2. Re: Port Scanning, or Worm ? (from 72.172.*.*) some.ip.in-addr.arpa ?

    In article <5c248$4833ad87$541983fa$25711@cache4.tilbu1.nb.hom e.nl>,
    "Skybuck Flying" wrote:

    > Hello,
    >
    > My computer is receiving many TCP connection (attempts?) from the following
    > IP Addressess:


    What ports?

    >
    > 72.172.89.141
    > 72.172.89.142
    > 72.172.89.143
    > 72.172.89.144
    > 72.172.89.145
    > 72.172.89.147
    > 72.172.89.149
    > 72.172.89.150
    > 72.172.89.151
    > 72.172.89.etc
    >
    > Then continues at:
    > 72.172.90.117
    > 72.172.90.118
    > 72.172.90.etc
    >
    > 72.172.91.etc
    >
    > I have blocked communication with subnet 72.172.*.* out of precaution just
    > in case
    > (My computer is still receiving from the subnet but it won't send any more
    > resets back )
    >
    > Seems like a military subnet ?


    Where do you get that from? Here's the WHOIS entry:

    CustName: Smart Start
    Address: 2260 East El Segundo Blvd
    City: El Segundo
    StateProv: CA
    PostalCode: 90245
    Country: US
    RegDate: 2008-02-15
    Updated: 2008-02-15

    NetRange: 72.172.88.0 - 72.172.91.255
    CIDR: 72.172.88.0/22
    NetName: SMART-START
    NetHandle: NET-72-172-88-0-1
    Parent: NET-72-172-64-0-1
    NetType: Reassigned
    Comment:
    RegDate: 2008-02-15
    Updated: 2008-02-15

    OrgTechHandle: NET2E-ARIN
    OrgTechName: Net2EZ Support
    OrgTechPhone: +1-310-426-9933
    OrgTechEmail: support@net2ez.com

    > Or maybe it's an IPv6 related subnet ?


    What makes you think that?

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE don't copy me on replies, I'll read them in the group ***

  3. Re: Port Scanning, or Worm ? (from 72.172.*.*) some.ip.in-addr.arpa ?

    I did tracert 72.172.89.141.

    Then it showed blablabla.in-addr.arpa.

    It seemed like 72.x was coupled to this dns name...

    Then I looked in-addr.arpa up in Wikipedia and same vague talk about
    military came up.

    But maybe in-addr.arpa is general purpose and is always present in the
    tracert output screen and it just confused me ?

    Anyway thx for your lookup... I sent a little e-mail to it telling him/them
    their subnet is tcp/ip spamming me and asking them what's going on and if
    they can please stop it because it's not nice

    Bye,
    Skybuck.




  4. Re: Port Scanning, or Worm ? (from 72.172.*.*) some.ip.in-addr.arpa ?

    In article <97a99$48341dae$541983fa$16080@cache6.tilbu1.nb.hom e.nl>,
    "Skybuck Flying" wrote:

    > I did tracert 72.172.89.141.
    >
    > Then it showed blablabla.in-addr.arpa.
    >
    > It seemed like 72.x was coupled to this dns name...
    >
    > Then I looked in-addr.arpa up in Wikipedia and same vague talk about
    > military came up.


    in-addr.arpa is just the domain that contains all IPv4 reverse DNS
    records. Its legacy is from the original military roots of the
    Internet, but there's no military relationship now.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE don't copy me on replies, I'll read them in the group ***

+ Reply to Thread