Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > 140.206.54.174 anyone seen this?

Reply
Thread Tools

140.206.54.174 anyone seen this?

 
 
EL
Guest
Posts: n/a
 
      11-16-2004
I have a VPN gateway. I keep seeing this ip address over and over again.
A friend of mine that works in another state say's in his network see's this
ip140.206.54.174 also.

It is not pingable or you cant traceroute to it. So who is it? That address
is trying to VPN in because of the log's we see.

Thanks


 
Reply With Quote
 
 
 
 
duff
Guest
Posts: n/a
 
      11-16-2004
EL wrote:
> I have a VPN gateway. I keep seeing this ip address over and over again.
> A friend of mine that works in another state say's in his network see's this
> ip140.206.54.174 also.
>
> It is not pingable or you cant traceroute to it. So who is it? That address
> is trying to VPN in because of the log's we see.
>
> Thanks
>
>


Well, there are a lot of possibilites. It could be a hack-bot deployed
on a computer with a masked IP, which randomly targets different
gateways. It could be a glitch in your software as well. However, it is
probably a masked IP, if you cannot ping or traceroute it. Which means
that it is probably a hacker or a hack-bot.

-Duff
 
Reply With Quote
 
 
 
 
Moe Trin
Guest
Posts: n/a
 
      11-16-2004
In article <hqcmd.6553$(E-Mail Removed)> , EL wrote:

>I have a VPN gateway. I keep seeing this ip address over and over again.
>A friend of mine that works in another state say's in his network see's this
>ip140.206.54.174 also.


[compton ~]$ arinwhois 140.206.54.174
[whois.arin.net]

No match found for 140.206.54.174.

# ARIN WHOIS database, last updated 2004-11-15 19:10
[compton ~]$ zgrep ' 140.20[3-9]' IP.ADDR/stats/[ALR]*
IP.ADDR/stats/ARIN.gz:US 140.204.0.0 255.255.0.0 assigned
IP.ADDR/stats/ARIN.gz:US 140.208.0.0 255.255.0.0 assigned
IP.ADDR/stats/ARIN.gz:US 140.209.0.0 255.255.0.0 assigned
IP.ADDR/stats/RIPE.gz:EU 140.203.0.0 255.255.0.0 assigned
[compton ~]$

The address is unallocated/unassigned.

>It is not pingable or you cant traceroute to it.


You're posting with windoze outhouse express. The incredibly broken
tracert that comes from microshaft uses ping (ICMP Type rather than
UDP packets that the original traceroute uses. Thus, anyone blocking pings
is going to break the function tracert depends on. However, as there is no
network assigned to use the address space between 140.205.0.0 and
140.207.255.255, the first router with a clue is going to return an ICMP
Type 3 Code 0, 1, 6, or 7, saying you can't get there from here.

>So who is it? That address is trying to VPN in because of the log's we see.


Post the _exact_ logs. If you can run a sniffer like 'ethereal' or 'tcpdump'
or have a passive fingerprinting application like ettercap, NIDS, n0t, natdet,
p0f, or prelude-ids, post the packet headers or signature data.

Old guy

 
Reply With Quote
 
donnie
Guest
Posts: n/a
 
      11-17-2004
On Mon, 15 Nov 2004 21:07:56 -0500, duff <(E-Mail Removed)>
wrote:

>EL wrote:
>> I have a VPN gateway. I keep seeing this ip address over and over again.
>> A friend of mine that works in another state say's in his network see's this
>> ip140.206.54.174 also.
>>
>> It is not pingable or you cant traceroute to it. So who is it? That address
>> is trying to VPN in because of the log's we see.
>>
>> Thanks
>>
>>

>
>Well, there are a lot of possibilites. It could be a hack-bot deployed
>on a computer with a masked IP, which randomly targets different
>gateways. It could be a glitch in your software as well. However, it is
>probably a masked IP, if you cannot ping or traceroute it. Which means
>that it is probably a hacker or a hack-bot.
>
>-Duff

##########################
I ran whois on a bunch of whois servers.
Here are some of the results:
Networks in this range were allocated by InterNIC prior to the
formation of Regional Internet Registries (RIRs): APNIC, ARIN, LACNIC
and RIPE. Address ranges from this historical space have now
been transferred to the appropriate RIR database. If your search has
returned this record, it means the address range is not administered
by APNIC.: Instead, please search one of the following databases:

I searched all of them and one pointed me to Iana.org which said
domain not found. Apparently, it is not assigned at all, which is
hard to believe since there was always talk about IP4 running out of
addresses.
donnie.
I
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Like all great travelers, I have seen more than I remember andremember more than I have seen. shenrilaa@gmail.com Java 0 03-06-2008 08:11 AM
Like all great travelers, I have seen more than I remember andremember more than I have seen. shenrilaa@gmail.com C++ 0 03-05-2008 08:41 AM
Like all great travelers, I have seen more than I remember andremember more than I have seen. shenrilaa@gmail.com C Programming 0 03-05-2008 03:26 AM
OT: anyone seen this billyw MCSE 56 09-14-2004 01:17 PM
IE browser problem -- has anyone seen this when running .net? KatB ASP .Net 1 10-24-2003 06:39 PM



Advertisments