
Thread: suspicious ip address showed up in my privacy site list

  1. #1
    amethyst Guest

    suspicious ip address showed up in my privacy site list

    I don't know how long it was there, as I don't check this list every day, but IP addresses there sure do catch my eye.

    So I did an arin search, and this IP address belongs to a person in a private residence in Hoboken, NJ. I have blocked that address as well as the entire range of addresses that showed up by entering them and the IP address range in the blocked zone. I rebooted the computer. I have done a white pages search with this person's name and I don't come up with anything. It would have been nice to be able to phone this person and say, "Hey, whazzup with this?" The word "datapipe" is mentioned in the writeup. I will be phoning the telephone numbers provided in the morning.

    Feeling kind of ill about this right now actually. This must have come from a website. With the blocks applied, I've been back to any websites visited over the past few days that were not our usual browsing sites, and nothing gets blocked.

    Do I need to worry? Would this be normal for someone hosting a web server in his own home, to have his IP address show up in a visitor's site list?

    Amethyst

    ZoneAlarm Security Suite version:6.5.737.000
    TrueVector version:6.5.737.000
    Driver version:6.5.737.000
    Anti-virus Vet engine version:31.1.0.000
    Anti-virus signature DAT file version:31.1.5493.000
    Anti-spyware engine version:5.0.189.0
    Anti-spyware signature DAT file version:01.200801.3235
    AntiSpam version:4.8.2.7565

    Operating System:Windows XP Pro
    Software Version:6.5
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Re: suspicious ip address showed up in my privacy site list

    Maybe yes and maybe no. It could be a file server or an ad server or just a link in a web page. Hard to say - got an IP for me to check out?
    I have seen ad servers and genuine web sites in the IANA Reserved ranges, so who knows what is going on.

    It is impossible to get the exact address for almost any IP in a private residence - country, town, provider and server yes, but the real name of the user and phone number of a user's PC is not possible.

    There should be a contact email address (maybe even a fax number) stated in the whois.

    If really in doubt, then use Wireshark (packet sniffer).

    Cheers, Oldsod
    Best regards.
    oldsod

  3. #3
    amethyst Guest

    Re: suspicious ip address showed up in my privacy site list

    Hi Oldsod,

    The specific IP address is 66.70.86.45

    I don't understand all the data in the printout I took from the whois data page, but it looks like this person has a block of addresses ranging from 66.70.86.40 - 66.70.86.49, so I blocked the specific address that was on my list, plus the entire IP range.

    I looked up info first at the arinwhois site, and then I found www.completewhois.com/cgi2/whois.cgi and I've got 4 pages printed out from that, most of which I don't understand. :-)

    I won't publicize the name...unless I have reason to believe there is a problem. I just want to know what business this IP address had with my computer. Maybe it was legit, but that 'private residence' thing kind of bugged me. But I know people do host websites from their own homes.

    Amethyst

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Re: suspicious ip address showed up in my privacy site list

    Oh you mean datapipe.com the shared web host?

    OK I tried a tracert and got timed out. So used an online tracert - usually works.

    http://network-tools.com/default.asp...st=66.70.86.45

    Ok it is this:

    vl12.dist1-1.ewr.datapipe.net

    or this:

    http://network-tools.com/default.asp...st=66.70.86.45

    I did the Network Lookup for 66.70.86.45 at Network-Tools.com and got the same initial results as you did (private residence). [Ok, but .... each IP can have as many as 254 different name domains]
    The phone number for Abuse and the email address and the Contact is from the web host itself. You could email them and find out what gives.

    Tried the abuse.net lookup and got zero - same result for the spamhaus lookup. Neither will see it as a valid domain with a proper DNS. Seems doubtful if the site is malicious.

    Hmmm.. back to ewr.datapipe.net

    OK robtex usually comes through. ...

    http://www.robtex.com/dns/ewr.datapipe.net.html

    better yet,

    http://www.robtex.com/dns/dist1-1.ewr.datapipe.net.html

    which brings us to

    http://www.robtex.com/dns/vl12.dist1...apipe.net.html


    Okay, below here are the correctly listed sites for the vl12.dist1-1.ewr.datapipe.net URL.

    Fun Huh?
    Oldsod

    Message Edited by Oldsod on 01-29-2008 02:27 AM
    Best regards.
    oldsod

  5. #5
    amethyst Guest

    Re: suspicious ip address showed up in my privacy site list

    Interesting links. Thanks, Oldsod.

    I've sent e-mails to abuse@datapipe.com, hostmaster@datapipe.com, and arin@datapipe.com so maybe they can shed some light on this. In the meantime, in my usual surfing, I haven't had any alerts from ZA about these ISPs, nor have I noticed any trouble with my usual web pages. I had gone back to a few that we've been to over the last few days, any that we've gone to that we don't usually visit, and nothing came up there either. I'm looking forward to the replies to my e-mails.

    Amethyst

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Re: suspicious ip address showed up in my privacy site list

    Another source to check is the router - if it is one that logs all connections for the week - grab the log and do a search. Somewhere in there are the other connections involved and this may help trace it.

    Packet sniffers like Wireshark are helpful, or even Network Monitor from MS. But some can be set to specific ports or IPs.

    The command can log all activity for a period of time (the log will get huge in no time!):

      1. Type command in the Windows Run box.
      2. Type "netstat -b 5 > activity.txt" and press Enter. After a few minutes, press Ctrl+C.
      3. Type "activity.txt" on the command line to open the log file in Notepad.

    The file activity.txt will contain a log of all processes that made a connection to the Internet in the last few minutes. It will show which process connected to which website in that time period. Besides the web browsers (like iexplore.exe or opera.exe), the log will also show your IM clients, download managers, email programs or any software that requires a net connection.

    Another source is the ZA firewall log kept in the Internet Logs in the WINDOWS Directory.

    My own favorite is the ProtoWall log - it lists each and every IP allowed and blocked, with source and destination ports and with protocols. It runs in the network properties before any firewall as a network driver. It logs and blocks/allows almost every protocol used.

    Oldsod

    Message Edited by Oldsod on 01-29-2008 02:11 PM
    Best regards.
    oldsod
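
An added example (not part of the original posts): a Python script that scans a saved netstat log for connections to the address range blocked earlier in the thread and reports the owning process. It assumes the capture was taken with `netstat -bn 5` (the `-n` switch keeps addresses numeric instead of resolving them to host names); `find_owners`, `BLOCKED` and the sample log are constructed for illustration.

```python
import ipaddress
import re

# Range blocked in the thread: 66.70.86.40 - 66.70.86.49. It is not a single
# CIDR block, so split it into the networks that cover it exactly.
BLOCKED = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("66.70.86.40"), ipaddress.ip_address("66.70.86.49")))

# One connection row: proto, local addr:port, foreign addr:port, state (+ PID).
CONN = re.compile(r"^\s*(TCP|UDP)\s+\S+:\d+\s+(\S+):(\d+|\*)\s*(\S*)")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

# Constructed sample in the layout of `netstat -bn` output (not a real capture).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1067      66.70.86.45:80         ESTABLISHED     3120
  [iexplore.exe]
  TCP    192.168.1.10:1071      192.0.2.7:443          ESTABLISHED     3120
  [iexplore.exe]
  TCP    192.168.1.10:1080      66.70.86.48:80         TIME_WAIT       0
  Can not obtain ownership information
  TCP    192.168.1.10:1082      66.70.86.50:80         ESTABLISHED     2044
  [opera.exe]
"""

def find_owners(log_text, networks=BLOCKED):
    """Return (process, foreign_ip, foreign_port, state) per matching row."""
    hits, pending = [], None
    for line in log_text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            if pending:                  # previous match never got an owner line
                hits.append(("<unknown>",) + pending)
            pending = None
            try:
                ip = ipaddress.ip_address(conn.group(2))
            except ValueError:           # "*" (UDP) or a resolved host name
                continue
            if any(ip in net for net in networks):
                pending = (str(ip), conn.group(3), conn.group(4))
        elif pending and (owner or "ownership information" in line):
            hits.append((owner.group(1) if owner else "<unknown>",) + pending)
            pending = None
    if pending:
        hits.append(("<unknown>",) + pending)
    return hits
```

To run it against a real capture, pass the contents of activity.txt to `find_owners` in place of `SAMPLE`.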

  7. #7
    amethyst Guest

    Re: suspicious ip address showed up in my privacy site list

    Thanks, Oldsod!

    I'll follow up here when I get a reply from Datapipe. I might check the router log as well, although the only way I can get into the interface is to completely shut down ZASS, and I don't like doing that. (I've tried everything else and, unfortunately, shutting it down entirely is the only thing that works, and I'm not really comfortable with turning off my firewall, especially now.)

    Amethyst

  8. #8
    Join Date
    Dec 2005
    Posts
    9,057

    Re: suspicious ip address showed up in my privacy site list

    Check the other post concerning the pop up blocker and apply the same advice. If still stuck then allow all (or put the Privacy slider to Off). I assume you can enter the router in the listing using the IP of the router. Oldsod

    BTW, if very serious about router logs, some routers have provisions to email the logs to the PC on a weekly basis. Router logs are still the best - anything bypassing the firewall (BHO, rootkit, etc) will still have its activity logged by the router. Anything passing through is always seen and logged.
    Best regards.
    oldsod

  9. #9
    amethyst Guest

    Re: suspicious ip address showed up in my privacy site list

    Thanks Oldsod, I was able to get into my router's configuration page more easily by following your advice. The way it is, you can only see logs for the most recent traffic.

    Still waiting to hear from Datapipe...I think I might actually pick up the telephone if I don't see any communication from them. Thanks for the advice!

    Amethyst

  10. #10
    Join Date
    Dec 2005
    Posts
    9,057

    Re: suspicious ip address showed up in my privacy site list

    I have a feeling this specific server was used as a temporary server or maybe a fall back server. It may even be some relay server or mini backbone server. There are individuals with internet servers on their own property; educated, experienced people and it is profitable (although they have to be attending every day much like farm chores).

    You could set the router to email the week's log to the PC. Even if you didn't look frequently at the logs, they will be there for references.

    But I am more than interested in what the hosting company has to say about the event, so please let me know. Cheers, Oldsod
    Best regards.
    oldsod
