i run a small LAN that has public ip's on the different computers. i have set up the security precautions to log all attempts to gain access to my computer by an outside internet based source.
the issue (not really a problem at this juncture) is that there is one source in particular that has been repeatedly making access attempts. ARIN has given me the name and source of the various ip's making these attempts. just for arguement's sake, the source is


Information Sciences Institute
University of Southern California
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6695

i have made calls to this organization as to the nature of their attempts, and have had to leave voicemails for a guy named "Bill". as of yet there have been no responses from him.

is there a way to make this sort of thing stop (one or two attempts are normal, i'm sure due to the existance of "web crawlers" and such, but i think over the past week alone i have logged about 50 different instances for the above mentioned source. that makes me a little nervous. they are making attempts using a variety of ip adresses, protocols and ports). i have asked "Bill" in my voicemails to cease, but i would like to also know what their intent is as well.

any input from anyone?

[This message has been edited by smaier69 (edited 08-10-2000).]

[This message has been edited by smaier69 (edited 08-10-2000).]

okay, i have an update to my above post.

Bill called me back (a nice guy, by the way), and he said they work with ARIN on some level dealing with internet number allocations. he was very honest and forthcoming, and i feel kind of guilty about assuming he/his company was up to no good.

at any rate, we both came to the tenative conclusion that it is probably a hacker who is spoofing his ip address (bill told me they dont have or use the ip's that i have logged) i guess the next step is to contact my isp, since they are doing the routing. i will post any updates/information i get.

any other suggestions/insight is also appreciated

Well, I would bet that the probes are coming from them somehow. They sure have the capability to do whatever they want with computers! "Bill", the guy you talked to just doesn't know about it!

ISI (http://www.isi.edu/)

I have that same problem too smaier69. They are doing it right now to get into my computer.


OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 10.0.0.0 - 10.255.255.255
CIDR: 10.0.0.0/8
NetName: RESERVED-10
NetHandle: NET-10-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for spec

Their phone number is 310-823-9358. Can someone call in the US as I am in Sydney. My McAfee tracer says these are the areas of locations are New York, Mexico Ciudad De, Santa Fe De Bogota, Lima, Sao Paulo, Moskva, Istanbul, Bombay, Seoul, Manila and Jakarta.

Rosanna

rosana do you realize that this thread is 6 years old?

:eek:

rosana do you realize that this thread is 6 years old?

:eek:

LMAO!!

i could be manny years old but im still getting attacks from that source.... i dont know what the hell theyre trying to do but its continuous..... heres the info below......


OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate: 1994-03-15
Updated: 2002-09-16

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org

rosana do you realize that this thread is 6 years old?

:eek:

Don't you clean up your forums? rofl.

Also, do what the rest of us do... Deny the access, and run a virus scan - other than your firewall software.

For all you know that business name is a fake.

Old thread, I know, but I too am getting this, but it is being detected as "Zune Bus Enumerator", I just installed my new Zune software so I figured it was an update for the software or something, but I'm getting a message litterally every 2-5 minutes saying it has been blocked. Which is pretty scary if you ask me.

Here is the backtrace from my firewall:

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate: 1994-03-15
Updated: 2002-09-16

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org



Any information on this would be helped.

The 192.168.0.0/16 is reserved for private networks. A good example of a private network is one, two, three or more home computers connected to DSL or Cable through a cheap router.

While it is remotely possible that someone from outside is attempting to access your internal network on this IP range (or the 10. previously mentioned) it is more likely that the activity in question is taking place from within your network.

The fact that you are seeing internal traffic on this network range is not usually something worthy of sounding an alarm and jumping to conclusions. There are perfectly safe and normal reasons for seeing traffic related to an internal/private IP range.

While this traffic is generally safe it often causes alerts on certain software firewalls or other secuirty suites. The problem is often related to the fact that these software products are not meant to be used and understood by your average user.

The likelihood of the alert responding to something malicious is plausible but unlikely. I would suggest running a good antivirus program with up to date virus definitions and monitor your port traffic to see which ports are actively listening.

Start by running some netstat commands.

Good luck.

While this traffic is generally safe it often causes alerts on certain software firewalls or other secuirty suites. The problem is often related to the fact that these software products are not meant to be used and understood by your average user.

The likelihood of the alert responding to something malicious is plausible but unlikely.

Tad bit condescending and imo misleading.

OSULLY

Just a note... Today, my roommate's Internet Gaming League account was hacked and all user accounts in his league were deleted. When the site's tech support was consulted, he was given this IP: 10.7.168.31...Which yeilded the same whois info as noted above.

Bloody obvious scam off a craigslist posting today, and all of the IPs in the header are registered to:

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US