Getting IP Spoofed; What Should I Do?

Discussion in 'Software' started by kwyjibo, Nov 21, 2004.

  1. kwyjibo

    kwyjibo Private E-2

    I was looking at my Belkin router's security log, and I came across many of these:

    Fri Nov 19 11:27:27 2004 : **IP Spoofing** Source IP:192.168.2.1 Port:52258 Dest IP:239.255.255.253 Port:427

    The Blue IP address is that of my router, and the red port number is different for each entry. Everything else save the date is the same for each entry.

    I did a Whois search on the IP address 239.255.255.253 and got this:

    Search results for: 239.255.255.253


    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 224.0.0.0 - 239.255.255.255
    CIDR: 224.0.0.0/4
    NetName: MCAST-NET
    NetHandle: NET-224-0-0-0-1
    Parent:
    NetType: IANA Special Use
    NameServer: FLAG.EP.NET
    NameServer: STRUL.STUPI.SE
    NameServer: NS.ISI.EDU
    NameServer: NIC.NEAR.NET
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 3171 for additional information.
    Comment:
    RegDate: 1991-05-22
    Updated: 2002-09-16

    OrgAbuseHandle: IANA-IP-ARIN
    OrgAbuseName: Internet Corporation for Assigned Names and Number
    OrgAbusePhone: +1-310-301-5820
    OrgAbuseEmail: abuse@iana.org

    OrgTechHandle: IANA-IP-ARIN
    OrgTechName: Internet Corporation for Assigned Names and Number
    OrgTechPhone: +1-310-301-5820
    OrgTechEmail: abuse@iana.org

    I used http://www.webyield.net/domainquery.html to find out that information.

    What should I do now?
     
  2. TheDoug

    TheDoug MajorGeek

    I guess you should be comforted that your router caught it and stopped it.

    I have to wonder about these kinds of things sometimes. My router often tells me I'm being attacked by my ISP's DNS server, or even from the IP of my own private webhosting server.
     
  3. kwyjibo

    kwyjibo Private E-2

    Well, as comforting as that may be, I need to know what to do now. Should I report the IP to my ISP? to police? do nothing?
     
  4. TheDoug

    TheDoug MajorGeek

    Port 427 has something to do with something called Service Location Protocol, and IANA is a legitimate organization. I think something else is afoot-- probably innocuous, or possibly not. But, notice that the source IP being reported by your router is yours, not the other way around.
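
Added example, not part of the original thread: a Python triage of the log format quoted in the first post, tagging each entry by whether the source is on the LAN, whether the destination is multicast, and whether it matches the Service Location Protocol group and port. The function names, the LAN prefix 192.168.2.0/24 (inferred from the router address in the post) and the second and third sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# First line is the entry quoted in the thread; the other two are constructed.
SAMPLE_LOG = """\
Fri Nov 19 11:27:27 2004 : **IP Spoofing** Source IP:192.168.2.1 Port:52258 Dest IP:239.255.255.253 Port:427
Fri Nov 19 11:42:27 2004 : **IP Spoofing** Source IP:192.168.2.1 Port:52301 Dest IP:239.255.255.253 Port:427
Fri Nov 19 11:50:02 2004 : **IP Spoofing** Source IP:203.0.113.7 Port:4000 Dest IP:192.168.2.10 Port:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>.+?) : \*\*(?P<alert>[^*]+)\*\* Source IP:(?P<src>\S+) "
    r"Port:(?P<sport>\d+) Dest IP:(?P<dst>\S+) Port:(?P<dport>\d+)$")

ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")   # RFC 2365 administratively scoped multicast
SLP_GROUP = ipaddress.ip_address("239.255.255.253")  # RFC 2608 SLP multicast group
SLP_PORT = 427                                       # IANA-registered "svrloc"

def triage(line, lan="192.168.2.0/24"):
    """Return (src, dst, dport, tags) for one log line, or None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return None
    dport = int(m["dport"])
    tags = ["src-on-lan" if src in ipaddress.ip_network(lan) else "src-off-lan"]
    if dst.is_multicast:
        tags.append("dst-multicast")
        if dst in ADMIN_SCOPED:
            tags.append("dst-admin-scoped")
    if dst == SLP_GROUP and dport == SLP_PORT:
        tags.append("slp-discovery")
    return str(src), str(dst), dport, tags

def summarise(log_text, lan="192.168.2.0/24"):
    """Collapse entries that differ only in timestamp and source port."""
    flows = Counter()
    for line in log_text.splitlines():
        result = triage(line, lan)
        if result:
            src, dst, dport, tags = result
            flows[(src, dst, dport, ",".join(tags))] += 1
    return dict(flows)

if __name__ == "__main__":
    for flow, count in summarise(SAMPLE_LOG).items():
        print(count, *flow)
```

Entries tagged `src-on-lan` and `slp-discovery` describe traffic that originates inside the local network and is addressed to a multicast group, so there is no remote party behind the destination address to report.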
     
