
1 - 9 of 9 Posts

·
Registered
Joined
·
4,216 Posts
Discussion Starter #1
I've been having about 3 - 5 attempts a day to access my computer, but the firewall I'm running I hope is catching it (It says it is). The IP is 172.18.11.223 and has TCP port 1694 after it. Help me make sense of this. I've tried an IP finder with no luck.
 

·
Registered
Joined
·
14,224 Posts
Unpingable

Here is the whois:
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 172.16.0.0 - 172.31.255.255
CIDR: 172.16.0.0/12
NetName: IANA-BBLK-RESERVED
NetHandle: NET-172-16-0-0-1
Parent: NET-172-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate: 1994-03-15
Updated: 2002-09-12

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: [email protected]

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: [email protected]

TCP/IP port 1694 is used for rrimwm although I am not sure what that is.
 

·
Registered
Joined
·
2,466 Posts
It's a spoofed IP address. You won't find the origin.

What you can do is double check to ensure that your firewall is dropping (not rejecting) all connections from the 172.16.0.0/12 subnet.
You can also force your DSL/Cable connection to restart so that your router (I assume you have something like a linksys router) will pick up a new IP address and hence that guy won't know where you've gone.
 

·
Registered
Joined
·
4,216 Posts
Discussion Starter #4
nomad said:
It's a spoofed IP address. You won't find the origin.

What you can do is double check to ensure that your firewall is dropping (not rejecting) all connections from the 172.16.0.0/12 subnet.
You can also force your DSL/Cable connection to restart so that your router (I assume you have something like a linksys router) will pick up a new IP address and hence that guy won't know where you've gone.
No router, I'm on a fixed wireless system. The signal is transferred via a tower about 1/4 mile from my home and I have an antenna to receive the signal; from there it runs through a cable to some box called a "smart bridges", then to a converter to USB, then into my computer. My ISP somehow hides my actual IP; what I mean is there is a different IP that shows up when you go to a web page to search your IP addy than the one I actually have.
 

·
Registered
Joined
·
80 Posts
I'm not really sure what a hacker would want with rrimwm, which is what is on that port. The IP looks like it might come from the blackhole, which is an anti-spam site and whitelist maker. It may be that you have been reported as a spammer and they are scanning you. I have found that even my own ISP scans me from time to time, I guess to see if I run a port 80 or 21 open, since they frown on both of those items. I would adjust my firewall to simply drop all IP requests from the range 172.0.0.0/8 and that should stop all traffic from that area; the only reason not to use the 172.16.0.0/12 is since it is not a static IP and that group goes to 172.31, then they could simply shift to another block. Personally I wouldn't really worry about it and simply close the port to internet access.
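
Added example, not part of any post in this thread: a Python check that classifies firewall-log source addresses against the RFC 1918 blocks named in the whois output, and counts how many non-private addresses a drop rule would also cover. The log layout (`src=` field), the sample lines and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Non-routable blocks a WAN-facing firewall may see as a source (RFC 1918 first).
SPECIAL_USE = {
    "rfc1918-private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "loopback": ["127.0.0.0/8"],
    "link-local": ["169.254.0.0/16"],
}
NETS = [(label, ipaddress.ip_network(cidr))
        for label, cidrs in SPECIAL_USE.items() for cidr in cidrs]

# Constructed sample log; the "src=" field layout is an assumption.
SAMPLE_LOG = """\
DROP TCP src=172.18.11.223 dport=1694
DROP TCP src=172.32.0.1 dport=1694
DROP TCP src=192.168.1.20 dport=1694
DROP TCP src=not-an-ip dport=1694
"""

def classify_source(addr):
    """Return (label, containing block or None) for one source address."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
    for label, net in NETS:
        if ip in net:
            return label, str(net)
    return "public", None

def triage(log_text):
    """Map every src= value in the log to its classification label."""
    result = {}
    for src in re.findall(r"src=(\S+)", log_text):
        try:
            result[src] = classify_source(src)[0]
        except ValueError:
            result[src] = "unparseable"
    return result

def overblock(rule_cidr):
    """Number of addresses a drop rule covers outside RFC 1918 space."""
    rule = ipaddress.ip_network(rule_cidr)
    private = 0
    for label, net in NETS:
        if label == "rfc1918-private" and net.overlaps(rule):
            # CIDR blocks either nest or are disjoint, so count the smaller one.
            private += min(net.num_addresses, rule.num_addresses)
    return rule.num_addresses - private

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    for cidr in ("172.16.0.0/12", "172.0.0.0/8"):
        print(cidr, "covers", overblock(cidr), "non-private addresses")
```
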
 

·
Registered
Joined
·
80 Posts
So you don't feel alone, this is pretty much a common day for one of my servers.

A total of 14 sites probed the server

!!!! 1 possible successful probes
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP Response 301

A total of 11 unidentified 'other' records logged
with response code(s)
 