Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > question about a blocked attack including other's IP address

Reply
Thread Tools

question about a blocked attack including other's IP address

 
 
yellow submarine
Guest
Posts: n/a
 
      09-30-2003
Please, can any of you make any sense of the following? Please let me know
via newsgroup. Thanks.
CustName: Comcast Cable Communications, IP Services
Address: 3 Executive Campus
Address: 5th Floor
City: Cherry Hill
StateProv: NJ
PostalCode: 08002
Country: US
RegDate: 2003-06-19
Updated: 2003-06-19

NetRange: 67.168.128.0 - 67.168.191.255
CIDR: 67.168.128.0/18
NetName: WASHINGTON-5
NetHandle: NET-67-168-128-0-1
Parent: NET-67-160-0-0-1
NetType: Reassigned
Comment: NONE
RegDate: 2003-06-19
Updated: 2003-06-19

OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance
OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail: http://www.velocityreviews.com/forums/(E-Mail Removed)

OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications, Inc.
OrgTechPhone: +1-856-317-7300
OrgTechEmail: (E-Mail Removed)

# ARIN WHOIS database, last updated 2003-09-27 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.


 
Reply With Quote
 
 
 
 
trout
Guest
Posts: n/a
 
      09-30-2003
yellow submarine wrote:

> Please, can any of you make any sense of the following? Please let me
> know via newsgroup. Thanks.
> CustName: Comcast Cable Communications, IP Services

<snip>

I'm curious about what, in your opinion, constitutes an "attack"?
--
"What firewall do you use?"


 
Reply With Quote
 
 
 
 
yellow submarine
Guest
Posts: n/a
 
      09-30-2003
Norton personal firewall 2003, and why should that matter?
"trout" <(E-Mail Removed)> wrote in message
news:blapgo$9qgrt$(E-Mail Removed)-berlin.de...
> yellow submarine wrote:
>
> > Please, can any of you make any sense of the following? Please let me
> > know via newsgroup. Thanks.
> > CustName: Comcast Cable Communications, IP Services

> <snip>
>
> I'm curious about what, in your opinion, constitutes an "attack"?
> --
> "What firewall do you use?"
>
>



 
Reply With Quote
 
trout
Guest
Posts: n/a
 
      09-30-2003
yellow submarine wrote:

> Norton personal firewall 2003, and why should that matter?


What matters; is if you are interpreting normal background net
activity as "attacks". If you try to trace every ping, and consider it a
malicious act; it's going to be a full-time job.
If you are doing this out of curiosity; I'm sure someone will give
you more information about what this is. I'm just saying that there's no
real *need* to know, and no cause for suspicion unless it the same IP a
great number of times over a period of time. Most people just turn the
alerts off, and let the firewall do its job.

> "trout" <(E-Mail Removed)> wrote in message
> news:blapgo$9qgrt$(E-Mail Removed)-berlin.de...
>> yellow submarine wrote:
>>
>>> Please, can any of you make any sense of the following? Please let
>>> me know via newsgroup. Thanks.
>>> CustName: Comcast Cable Communications, IP Services

>> <snip>
>>
>> I'm curious about what, in your opinion, constitutes an "attack"?
>> --
>> "What firewall do you use?"




 
Reply With Quote
 
°Mike°
Guest
Posts: n/a
 
      09-30-2003
Yes, that is a whois lookup for Comcast. What's your question?


On Tue, 30 Sep 2003 02:09:24 GMT, in
<oB5eb.45658$(E-Mail Removed) .net>
"yellow submarine" <I (E-Mail Removed)_want no spam> scrawled:

>Please, can any of you make any sense of the following? Please let me know
>via newsgroup. Thanks.
>
>CustName: Comcast Cable Communications, IP Services
>Address: 3 Executive Campus
>Address: 5th Floor
>City: Cherry Hill
>StateProv: NJ
>PostalCode: 08002
>Country: US
>RegDate: 2003-06-19
>Updated: 2003-06-19
>
>NetRange: 67.168.128.0 - 67.168.191.255
>CIDR: 67.168.128.0/18
>NetName: WASHINGTON-5
>NetHandle: NET-67-168-128-0-1
>Parent: NET-67-160-0-0-1
>NetType: Reassigned
>Comment: NONE
>RegDate: 2003-06-19
>Updated: 2003-06-19
>
>OrgAbuseHandle: NAPO-ARIN
>OrgAbuseName: Network Abuse and Policy Observance
>OrgAbusePhone: +1-856-317-7272
>OrgAbuseEmail: (E-Mail Removed)
>
>OrgTechHandle: IC161-ARIN
>OrgTechName: Comcast Cable Communications, Inc.
>OrgTechPhone: +1-856-317-7300
>OrgTechEmail: (E-Mail Removed)
>
># ARIN WHOIS database, last updated 2003-09-27 19:15
># Enter ? for additional hints on searching ARIN's WHOIS database.
>


--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
yellow submarine
Guest
Posts: n/a
 
      09-30-2003
Norton firewall sent it from their site.
"°Mike°" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Yes, that is a whois lookup for Comcast. What's your question?
>
>
> On Tue, 30 Sep 2003 02:09:24 GMT, in
> <oB5eb.45658$(E-Mail Removed) .net>
> "yellow submarine" <I (E-Mail Removed)_want no spam> scrawled:
>
> >Please, can any of you make any sense of the following? Please let me

know
> >via newsgroup. Thanks.
> >
> >CustName: Comcast Cable Communications, IP Services
> >Address: 3 Executive Campus
> >Address: 5th Floor
> >City: Cherry Hill
> >StateProv: NJ
> >PostalCode: 08002
> >Country: US
> >RegDate: 2003-06-19
> >Updated: 2003-06-19
> >
> >NetRange: 67.168.128.0 - 67.168.191.255
> >CIDR: 67.168.128.0/18
> >NetName: WASHINGTON-5
> >NetHandle: NET-67-168-128-0-1
> >Parent: NET-67-160-0-0-1
> >NetType: Reassigned
> >Comment: NONE
> >RegDate: 2003-06-19
> >Updated: 2003-06-19
> >
> >OrgAbuseHandle: NAPO-ARIN
> >OrgAbuseName: Network Abuse and Policy Observance
> >OrgAbusePhone: +1-856-317-7272
> >OrgAbuseEmail: (E-Mail Removed)
> >
> >OrgTechHandle: IC161-ARIN
> >OrgTechName: Comcast Cable Communications, Inc.
> >OrgTechPhone: +1-856-317-7300
> >OrgTechEmail: (E-Mail Removed)
> >
> ># ARIN WHOIS database, last updated 2003-09-27 19:15
> ># Enter ? for additional hints on searching ARIN's WHOIS database.
> >

>
> --
> Basic computer maintenance
> http://uk.geocities.com/personel44/maintenance.html



 
Reply With Quote
 
Thund3rstruck
Guest
Posts: n/a
 
      09-30-2003
yellow submarine Spilled my beer when they jumped on the table and
proclaimed in
<YQ5eb.45677$(E-Mail Removed) k.net>:

> Norton personal firewall 2003, and why should that matter?


How many times did it happen? What port did it come on?

If it happened once, twice, or even three times, it could have been
normal traffic noise or a few packets that got lost somehow. However,
if it happenned over 10 to 20 times, it might have been an attack or
a virus. (Depends on the port. <G>)

So, how many times did it happen, and what port was it on?

NOI
 
Reply With Quote
 
Boomer
Guest
Posts: n/a
 
      09-30-2003
yellow submarine wrote:

> Norton firewall sent it from their site.
> "°Mike°" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Yes, that is a whois lookup for Comcast. What's your question?


As Mike asked, "What's your question?".

>> On Tue, 30 Sep 2003 02:09:24 GMT, in
>> <oB5eb.45658$(E-Mail Removed) .net>
>> "yellow submarine" <I (E-Mail Removed)_want no
>> spam> scrawled:
>>
>> >Please, can any of you make any sense of the following? Please
>> >let me

> know
>> >via newsgroup. Thanks.
>> >
>> >CustName: Comcast Cable Communications, IP Services
>> >Address: 3 Executive Campus
>> >Address: 5th Floor
>> >City: Cherry Hill
>> >StateProv: NJ
>> >PostalCode: 08002
>> >Country: US
>> >RegDate: 2003-06-19
>> >Updated: 2003-06-19
>> >
>> >NetRange: 67.168.128.0 - 67.168.191.255
>> >CIDR: 67.168.128.0/18
>> >NetName: WASHINGTON-5
>> >NetHandle: NET-67-168-128-0-1
>> >Parent: NET-67-160-0-0-1
>> >NetType: Reassigned
>> >Comment: NONE
>> >RegDate: 2003-06-19
>> >Updated: 2003-06-19
>> >
>> >OrgAbuseHandle: NAPO-ARIN
>> >OrgAbuseName: Network Abuse and Policy Observance
>> >OrgAbusePhone: +1-856-317-7272
>> >OrgAbuseEmail: (E-Mail Removed)
>> >
>> >OrgTechHandle: IC161-ARIN
>> >OrgTechName: Comcast Cable Communications, Inc.
>> >OrgTechPhone: +1-856-317-7300
>> >OrgTechEmail: (E-Mail Removed)
>> >
>> ># ARIN WHOIS database, last updated 2003-09-27 19:15
>> ># Enter ? for additional hints on searching ARIN's WHOIS
>> >database.
>> >

>>
>> --
>> Basic computer maintenance
>> http://uk.geocities.com/personel44/maintenance.html

>
>


 
Reply With Quote
 
Petit Alexi
Guest
Posts: n/a
 
      09-30-2003
"yellow submarine" <I (E-Mail Removed)_want no spam> wrote in
news:HDceb.37487$(E-Mail Removed) hlink.net:

> Norton firewall sent it from their site.


<big snip>

Read this:
<http://www.samspade.org/d/firewalls.html>

Especially this bit:

"Why is an end user going to buy / register / upgrade their 'personal
firewall'? They're not going to do so if they don't perceive any benefit
from it. If it were a properly written application that just sat there,
doing its job quietly in the background, users would forget it was there.
But if it pops up warnings about 'attacks' all the time then it's clearly
Doing Something. Most of those warnings are entirely frivolous - normal
network traffic. And the remaining few... well... if the 'personal
firewall' has protected your system from the supposed 'attack'... why do
you care about it? You're safe from that supposed 'attack', right? So why
pop up warnings and alerts? To make you feel you're getting a service
from this program and so you'll pay for updates or 'Pro' versions."


And this bit:

" Turn off all the alerts and logging - you'll just waste your time (and,
more importantly to me, my time and the time of other network
administrators your complaints go to) increase your blood pressure and
provide no benefit to you. If you really want to leave them turned on and
see where traffic is coming from, feel free, but remember that most of
the traffic you see is harmless, and that even if it isn't harmless it
can't affect your system (if it could, it wouldn't be logged). Oh, and
try not to waste admins time with frivolous complaints.

"But, but, but reporting these alerts to network administrators will help
them catch crackers!"

Uhm, no. I know a whole bunch of network security and abuse staff. The
response to any complaint with ZoneAlarm, BlackIce etc logfiles in it is
to close the ticket, usually with an annotation like 'GWF' (Goober with
Firewall). 99% of those reports are frivolous, about normal network
traffic. In the remainder of cases there's nowhere near enough data in
the logfiles to provide any idea of why the end user is upset. If you
send frivolous complaints that just wastes the time of the staff
receiving them and prevents them from handling real security issues. How
do you tell if a complaint is frivolous? If the sender doesn't understand
basic networking, it's almost certainly frivolous. If the sender is
complaining based on 'personal firewall' logs, it's definitely frivolous.

The abuse desk staff I talk with hate users of 'personal firewalls' more
than they hate spammers. That should tell you something about how useful
your complaints will be."

----
Did you read it?

 
Reply With Quote
 
°Mike°
Guest
Posts: n/a
 
      09-30-2003
What the heck does that mean? That's not a question.


On Tue, 30 Sep 2003 10:09:43 GMT, in
<HDceb.37487$(E-Mail Removed) k.net>
"yellow submarine" <I (E-Mail Removed)_want no spam> scrawled:

>Norton firewall sent it from their site.
>
>"°Mike°" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...
>> Yes, that is a whois lookup for Comcast. What's your question?
>>
>>
>> On Tue, 30 Sep 2003 02:09:24 GMT, in
>> <oB5eb.45658$(E-Mail Removed) .net>
>> "yellow submarine" <I (E-Mail Removed)_want no spam> scrawled:
>>
>> >Please, can any of you make any sense of the following? Please let me

>know
>> >via newsgroup. Thanks.
>> >
>> >CustName: Comcast Cable Communications, IP Services
>> >Address: 3 Executive Campus
>> >Address: 5th Floor
>> >City: Cherry Hill
>> >StateProv: NJ
>> >PostalCode: 08002
>> >Country: US
>> >RegDate: 2003-06-19
>> >Updated: 2003-06-19
>> >
>> >NetRange: 67.168.128.0 - 67.168.191.255
>> >CIDR: 67.168.128.0/18
>> >NetName: WASHINGTON-5
>> >NetHandle: NET-67-168-128-0-1
>> >Parent: NET-67-160-0-0-1
>> >NetType: Reassigned
>> >Comment: NONE
>> >RegDate: 2003-06-19
>> >Updated: 2003-06-19
>> >
>> >OrgAbuseHandle: NAPO-ARIN
>> >OrgAbuseName: Network Abuse and Policy Observance
>> >OrgAbusePhone: +1-856-317-7272
>> >OrgAbuseEmail: (E-Mail Removed)
>> >
>> >OrgTechHandle: IC161-ARIN
>> >OrgTechName: Comcast Cable Communications, Inc.
>> >OrgTechPhone: +1-856-317-7300
>> >OrgTechEmail: (E-Mail Removed)
>> >
>> ># ARIN WHOIS database, last updated 2003-09-27 19:15
>> ># Enter ? for additional hints on searching ARIN's WHOIS database.
>> >

>>
>> --
>> Basic computer maintenance
>> http://uk.geocities.com/personel44/maintenance.html

>


--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IP address blocked Gib Bogle NZ Computing 24 01-11-2012 02:01 AM
Site to open the blocked sites and blocked and encoded alagmy2030 Javascript 0 02-11-2011 11:54 PM
Help SQL Injection Attack Question - newbie to web security Ranginald ASP .Net 10 04-27-2006 12:53 AM
blocked address John Computer Security 4 02-26-2004 04:28 AM
Any one do a mini-few-sec digital handheld videocam for re-attack after violent road rage attack? dorothy.bradbury Digital Photography 15 07-20-2003 11:58 PM



Advertisments