ZoneAlarm, blocked IPs, Malicious?, WhoIs'd

Discussion in 'Software' started by housiemousie2, Sep 25, 2007.

  1. housiemousie2

    housiemousie2 Corporal

    Zone Alarm is doing its job, I am just curious about the blocked IPs, if they are malicious or not...
    I have taken the time to look them over and run a WhoIs on them, with these results.

    These first ones (I omitted MANY from this series) usually come in pairs and are BY FAR the most prolific. Out of 54 blocked intrusions, well over half were from this domain.


    24.64.150.253:8431
    S01060050bac25e65.lb.shawcable.net

    24.64.56.148:27691
    S010600095bfe5cbb.rd.shawcable.net

    24.64.106.208:20544
    S0106000d569bc853.cg.shawcable.net

    Then it stopped identifying itself.

    24.64.90.13:7536
    Looking up the domain name for IP: 24.64.90.13
    (The domain name for the specified IP address could not be found.)
    Connecting to the server on remote port: 7536
    No response was received from the machine and port at that IP. The machine may be offline or the connection port may be stealthed.

    These others came in with just a few similar IPs to the ones I am showing here.

    222.216.28.135:6000
    Looking up the domain name for IP: 222.216.28.135
    (The domain name for the specified IP address could not be found.)
    Connecting to the server on remote port: 6000
    [Connected] The remote connection was accepted but the server did not return a connection greeting.


    82.166.13.107:57073
    Looking up the domain name for IP: 82.166.13.107
    The domain name for the IP address is: 82-166-13-107.barak-online.net
    Connecting to the server on remote port: 57073
    No response was received from the machine and port at that IP. The machine may be offline or the connection port may be stealthed.

    This one comes from my ISP, but is it my ISP trying to connect with my machine, or someone else?

    75.110.69.30:4090
    Looking up the domain name for IP: 75.110.69.30
    The domain name for the IP address is: r75-110-69-30.gvllcmtc01.gnvlnc.ab.dh.suddenlink.net
    Connecting to the server on remote port: 4090
    The port is closed, so our connection attempt was refused.

    58.244.205.82:53778
    Looking up the domain name for IP: 58.244.205.82
    (The domain name for the specified IP address could not be found.)
    Connecting to the server on remote port: 53778
    The port is closed, so our connection attempt was refused

    128.27.16.157:44886
    Looking up the domain name for IP: 128.27.16.157
    (The domain name for the specified IP address could not be found.)
    Connecting to the server on remote port: 44886
    No response was received from the machine and port at that IP. The machine may be offline or the connection port may be stealthed

    219.240.44.147:6000
    Looking up the domain name for IP: 219.240.44.147
    (The domain name for the specified IP address could not be found.)
    Connecting to the server on remote port: 6000
    The port is closed, so our connection attempt was refused.

    168.46.135.189:30938
    Looking up the domain name for IP: 168.46.135.189
    (The domain name for the specified IP address could not be found.)
    Connecting to the server on remote port: 30938
    No response was received from the machine and port at that IP. The machine may be offline or the connection port may be stealthed.

    BTW, I was trying to connect with them on different ports, but have posted the connection attempts made via the same port they used to try to contact me with, as reported by Zone Alarm.
    I get it that nothing bad is happening... it is primarily the first one that bugs me since it is SO numerous and after three queries stopped identifying itself.

    Thanks for your time!
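
An added example, not part of the original post and not ZoneAlarm's own tooling: a passive triage of the blocked entries listed above, grouping them by source netblock and by the PTR names the poster recorded. The fixed /16 grouping is an assumption standing in for the real allocation boundaries a WHOIS lookup gives, and the function names are illustrative.

```python
import ipaddress
from collections import Counter

# (blocked "ip:port", PTR name or None), copied from the post above. The post
# omitted many Shaw entries, so these counts cover only what it lists.
BLOCKED = [
    ("24.64.150.253:8431", "S01060050bac25e65.lb.shawcable.net"),
    ("24.64.56.148:27691", "S010600095bfe5cbb.rd.shawcable.net"),
    ("24.64.106.208:20544", "S0106000d569bc853.cg.shawcable.net"),
    ("24.64.90.13:7536", None),
    ("222.216.28.135:6000", None),
    ("82.166.13.107:57073", "82-166-13-107.barak-online.net"),
    ("75.110.69.30:4090", "r75-110-69-30.gvllcmtc01.gnvlnc.ab.dh.suddenlink.net"),
    ("58.244.205.82:53778", None),
    ("128.27.16.157:44886", None),
    ("219.240.44.147:6000", None),
    ("168.46.135.189:30938", None),
]

def parse_entry(entry):
    """Split 'ip:port' into (IPv4Address, port); raise ValueError if malformed."""
    host, _, port = entry.rpartition(":")
    if not 0 < int(port) < 65536:
        raise ValueError(f"port out of range in {entry!r}")
    return ipaddress.IPv4Address(host), int(port)

def parent_domain(ptr, labels=2):
    """Last `labels` DNS labels (naive: ignores the public suffix list)."""
    return ".".join(ptr.rstrip(".").lower().split(".")[-labels:])

def triage(entries, prefix=16):
    """Return ([(netblock, hits, owner)], ports seen from more than one source)."""
    hits, owner, port_sources = Counter(), {}, {}
    for entry, ptr in entries:
        ip, port = parse_entry(entry)
        # Assumption: a fixed /16 approximates the real allocation boundary.
        block = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        hits[block] += 1
        port_sources.setdefault(port, set()).add(ip)
        if ptr:  # one named neighbour is enough to label the whole block
            owner.setdefault(block, parent_domain(ptr))
    rows = [(b, n, owner.get(b, "no PTR seen")) for b, n in hits.most_common()]
    shared = sorted(p for p, srcs in port_sources.items() if len(srcs) > 1)
    return rows, shared

if __name__ == "__main__":
    rows, shared = triage(BLOCKED)
    print(*rows, sep="\n")
    print("ports reported for more than one source:", shared)
```

On the post's data the unnamed 24.64.90.13 lands in the same /16 as the three shawcable.net hosts. PTR records are published by whoever operates the address space, so a missing name reflects that network's DNS rather than anything the connecting host chose to do.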
     
  2. sosaman

    sosaman Sergeant Major

  3. housiemousie2

    housiemousie2 Corporal

    Uhh, thanks for trying and posting... I gotta question though.

    What kind of site is ancientpond? It popped up a dialog box with a series of ":D" and I bailed out since it would not let me ignore it and continue. lol That sucker made me nervous.

    Thanks again.
     
  4. sosaman

    sosaman Sergeant Major

    well, it looks like an individual that has posted all the current probes to his computer or site. that's why when i did a search on "24.64.90.13" in google, it came up with his site and another. (below is what he has to say). anyway, g/l

    NO!! I didn't attack YOUR machine!!! furrfu!

    Okay, you noticed a probe on your machine. You "found" me. BEFORE you go accusing me of anything read this, and avoid making an *** of yourself.

    Here's what likely occurred. See if you recognize yourself.

    1. You have a machine, probably a windoze box, "directly" connected to the internet, at best with a cable modem or DSL box.
    2. You don't have a real firewall, but you are running software like the norton product or ZoneAlarm on your own machine.
    3. Said non-firewall product (I'm a stickler, a firewall is a separate machine) indicated a probe from some IP address.
    4. Full of righteous fury, you decided to "get" the attacker, so you yahoo-search-ed[1] for the address - after all, that MUST be the attacker, no?
    5. Yahoo-Search pointed you to my badguys page, which at this moment (Oct 2002) holds records of over 6000 probes to MY system. But yahoo-search pointed you to my page, you didn't even read it, and sent me an indignant email.
    6. I sent you a reference to this webpage, and added you to my list of the clueless.

    Please get a clue! I don't attack systems, but I DO record attacks on my system. YOU were simply attacked by someone who attacked me. You can find when they probed my system by actually searching for the IP address on the badguys page.

    Please read some more of the literature before going off on me.

    [1] Yahoo is notorious for putting my badguys page at the head of many searches for particular IP addresses. This does not mean I'm the culprit!!! It only means this person also probed my equipment.
     
  5. housiemousie2

    housiemousie2 Corporal

    Ah, okay... thank you!
     
