Thread: suspicious ip address showed up in my privacy site list

  1. #1
    amethyst Guest

    suspicious ip address showed up in my privacy site list

    I don't know how long it was there, as I don't check this list every day, but IP addresses there sure do catch my eye.

    So I did an arin search, and this IP address belongs to a person in a private residence in Hoboken, NJ. I have blocked that address as well as the entire range of addresses that showed up by entering them and the IP address range in the blocked zone. I rebooted the computer. I have done a white pages search with this person's name and I don't come up with anything. It would have been nice to be able to phone this person and say, "Hey, whazzup with this?" The word "datapipe" is mentioned in the writeup. I will be phoning the telephone numbers provided in the morning.

    Feeling kind of ill about this right now actually. This must have come from a website. With the blocks applied, I've been back to any websites visited over the past few days that were not our usual browsing sites, and nothing gets blocked.

    Do I need to worry? Would this be normal for someone hosting a web server in his own home, to have his IP address show up in a visitor's site list?

    Amethyst

    ZoneAlarm Security Suite version:6.5.737.000
    TrueVector version:6.5.737.000
    Driver version:6.5.737.000
    Anti-virus Vet engine version:31.1.0.000
    Anti-virus signature DAT file version:31.1.5493.000
    Anti-spyware engine version:5.0.189.0
    Anti-spyware signature DAT file version:01.200801.3235
    AntiSpam version:4.8.2.7565

    Operating System:Windows XP Pro
    Software Version:6.5
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Re: suspicious ip address showed up in my privacy site list

    Maybe yes and maybe no. It could be a file server or an ad server or just a link in a web page. Hard to say - got an IP for me to check out?
    I have seen ad servers and genuine web sites in the IANA Reserved ranges, so who knows what is going on.

    It is impossible to get the exact address for almost any IP in a private residence - country, town, provider and server yes, but the real name of the user and phone number of a user's PC is not possible.

    There should be a contact email address (maybe even a fax number) stated in the whois.

    If really in doubt, then use Wireshark (packet sniffer).

    Cheers, Oldsod
    Best regards.
    oldsod

  3. #3
    amethyst Guest

    Re: suspicious ip address showed up in my privacy site list

    Hi Oldsod,

    The specific IP address is 66.70.86.45

    I don't understand all the data in the printout I took from the whois data page, but it looks like this person has a block of addresses ranging from 66.70.86.40 - 66.70.86.49, so I blocked the specific address that was on my list, plus the entire IP range.

    I looked up info first at the arinwhois site, and then I found www.completewhois.com/cgi2/whois.cgi and I've got 4 pages printed out from that, most of which I don't understand. :-)

    I won't publicize the name...unless I have reason to believe there is a problem. I just want to know what business this IP address had with my computer. Maybe it was legit, but that 'private residence' thing kind of bugged me. But I know people do host websites from their own homes.

    Amethyst

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Re: suspicious ip address showed up in my privacy site list

    Oh you mean datapipe.com the shared web host?

    OK I tried a tracert and got timed out. So used an online tracert - usually works.

    http://network-tools.com/default.asp...st=66.70.86.45

    Ok it is this:

    vl12.dist1-1.ewr.datapipe.net

    or this:

    http://network-tools.com/default.asp...st=66.70.86.45

    I did the Network Lookup for 66.70.86.45 at Network-Tools.com and got the same initial results as you did (private residence). [Ok, but .... each IP can have as many as 254 different name domains]
    The phone number for Abuse and the email address and the Contact is from the web host itself. You could email them and find out what gives.

    Tried the abuse.net lookup and got zero - same result for the spamhaus lookup. Neither will see it as a valid domain with a proper DNS. Seems doubtful if the site is malicious.

    Hmmm.. back to ewr.datapipe.net

    OK robtex usually comes through. ...

    http://www.robtex.com/dns/ewr.datapipe.net.html

    better yet,

    http://www.robtex.com/dns/dist1-1.ewr.datapipe.net.html

    which brings us to

    http://www.robtex.com/dns/vl12.dist1...apipe.net.html


    Okay, below here are the correctly listed sites for the vl12.dist1-1.ewr.datapipe.net URL.

    Fun Huh?
    Oldsod

    Message Edited by Oldsod on 01-29-2008 02:27 AM
    Best regards.
    oldsod

  5. #5
    amethyst Guest

    Re: suspicious ip address showed up in my privacy site list

    Interesting links. Thanks, Oldsod.

    I've sent e-mails to abuse@datapipe.com, hostmaster@datapipe.com, and arin@datapipe.com so maybe they can shed some light on this. In the meantime, in my usual surfing, I haven't had any alerts from ZA about these ISPs, nor have I noticed any trouble with my usual web pages. I had gone back to a few that we've been to over the last few days, any that we've gone to that we don't usually visit, and nothing came up there either. I'm looking forward to the replies to my e-mails.

    Amethyst

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Re: suspicious ip address showed up in my privacy site list

    Another source to check is the router - if it is one that logs all connections for the week - grab the log and do a search. Somewhere in there are the other connections involved and this may help trace it.

    Packet sniffers like Wireshark are helpful, or even Network Monitor from MS. But some can be set to specific ports or IPs.

    The command can log all activity for a period of time (log will get huge! in no time):
      • Type command in the Windows Run box.
      • Type "netstat -b 5 > activity.txt" and press Enter. After a few minutes, press Ctrl+C.
      • Type "activity.txt" on the command line to open the log file in Notepad.

    The file activity.txt will create a log of all processes that made a connection to the Internet in the last few minutes. It will show which process connected to which website in that time period. In addition to the web browsers (like iexplore.exe or opera.exe), the log will also show your IM clients, download managers, email programs or any software that requires a net connection.

    Another source is the ZA firewall log kept in the Internet Logs in the WINDOWS Directory.

    My own favorite is the ProtoWall log - it lists each and every IP allowed and blocked, with source and destination ports and with protocols. It runs in the network properties before any firewall as a network driver. It logs and blocks/allows almost every protocol used.

    Oldsod

    Message Edited by Oldsod on 01-29-2008 02:11 PM
    Best regards.
    oldsod
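
One way to search a netstat log like the one described in post #6 for the address range discussed in this thread, as an added example that is not part of the original posts. It assumes the log was captured with numeric addresses (netstat's -n switch added to the command, so foreign hosts are not resolved to names); the sample log, local addresses and PIDs are constructed, and `find_connections` is a hypothetical helper name.

```python
import ipaddress
import re

# Range reported in the thread: 66.70.86.40 - 66.70.86.49
RANGE_START = ipaddress.IPv4Address("66.70.86.40")
RANGE_END = ipaddress.IPv4Address("66.70.86.49")

# Constructed sample of "netstat -b -n 5" output (local addresses, the
# out-of-range remote address and the PIDs are made up for illustration).
SAMPLE_LOG = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      66.70.86.45:80         ESTABLISHED     1820
  [iexplore.exe]
  TCP    192.168.1.10:1046      203.0.113.7:443        ESTABLISHED     2044
  [opera.exe]
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      66.70.86.45:80         TIME_WAIT       0
  TCP    192.168.1.10:1051      66.70.86.41:80         ESTABLISHED     1820
  [iexplore.exe]
"""

CONN = re.compile(r"^\s*(?:TCP|UDP)\s+\S+\s+(\S+)")  # captures the foreign address
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")              # e.g. "  [iexplore.exe]"

def find_connections(log_text, start=RANGE_START, end=RANGE_END):
    """Return sorted unique (process, remote_ip, remote_port) with remote_ip in range."""
    hits, pending = set(), None
    for line in log_text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            if pending:  # previous in-range connection had no owner line
                hits.add(("unknown",) + pending)
            pending = None
            host, _, port = conn.group(1).rpartition(":")
            try:
                ip = ipaddress.IPv4Address(host)
            except ValueError:
                continue  # resolved hostname, IPv6 or "*:*": not comparable here
            if start <= ip <= end:
                pending = (str(ip), port)
        elif owner and pending:
            hits.add((owner.group(1),) + pending)
            pending = None
    if pending:
        hits.add(("unknown",) + pending)
    return sorted(hits)

if __name__ == "__main__":
    for process, ip, port in find_connections(SAMPLE_LOG):
        print(f"{process:15} -> {ip}:{port}")
```

Connections whose owning process netstat could not report are listed as "unknown" rather than dropped, so an in-range address is never silently missed.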
