140.206.54.174 anyone seen this?

Discussion in 'Computer Security' started by EL, Nov 16, 2004.

  1. EL

    EL Guest

    I have a VPN gateway. I keep seeing this IP address over and over again.
    A friend of mine that works in another state says his network sees this
    IP 140.206.54.174 also.

    It is not pingable or you can't traceroute to it. So who is it? That address
    is trying to VPN in because of the logs we see.

    Thanks
    EL, Nov 16, 2004
    #1

  2. EL

    duff Guest

    EL wrote:
    > I have a VPN gateway. I keep seeing this IP address over and over again.
    > A friend of mine that works in another state says his network sees this
    > IP 140.206.54.174 also.
    >
    > It is not pingable or you can't traceroute to it. So who is it? That address
    > is trying to VPN in because of the logs we see.
    >
    > Thanks
    >
    >


    Well, there are a lot of possibilities. It could be a hack-bot deployed
    on a computer with a masked IP, which randomly targets different
    gateways. It could be a glitch in your software as well. However, it is
    probably a masked IP, if you cannot ping or traceroute it. Which means
    that it is probably a hacker or a hack-bot.

    -Duff
    duff, Nov 16, 2004
    #2

  3. EL

    Moe Trin Guest

    In article <hqcmd.6553$>, EL wrote:

    >I have a VPN gateway. I keep seeing this IP address over and over again.
    >A friend of mine that works in another state says his network sees this
    >IP 140.206.54.174 also.


    [compton ~]$ arinwhois 140.206.54.174
    [whois.arin.net]

    No match found for 140.206.54.174.

    # ARIN WHOIS database, last updated 2004-11-15 19:10
    [compton ~]$ zgrep ' 140.20[3-9]' IP.ADDR/stats/[ALR]*
    IP.ADDR/stats/ARIN.gz:US 140.204.0.0 255.255.0.0 assigned
    IP.ADDR/stats/ARIN.gz:US 140.208.0.0 255.255.0.0 assigned
    IP.ADDR/stats/ARIN.gz:US 140.209.0.0 255.255.0.0 assigned
    IP.ADDR/stats/RIPE.gz:EU 140.203.0.0 255.255.0.0 assigned
    [compton ~]$

    The address is unallocated/unassigned.

    >It is not pingable or you can't traceroute to it.


    You're posting with windoze outhouse express. The incredibly broken
    tracert that comes from microshaft uses ping (ICMP Type 8) rather than
    UDP packets that the original traceroute uses. Thus, anyone blocking pings
    is going to break the function tracert depends on. However, as there is no
    network assigned to use the address space between 140.205.0.0 and
    140.207.255.255, the first router with a clue is going to return an ICMP
    Type 3 Code 0, 1, 6, or 7, saying you can't get there from here.

    >So who is it? That address is trying to VPN in because of the logs we see.


    Post the _exact_ logs. If you can run a sniffer like 'ethereal' or 'tcpdump'
    or have a passive fingerprinting application like ettercap, NIDS, n0t, natdet,
    p0f, or prelude-ids, post the packet headers or signature data.

    Old guy
    Moe Trin, Nov 16, 2004
    #3
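The allocation check done by hand with `zgrep` in post #3, as an added example that is not part of the original thread: it parses registry lines in the format shown there and reports which source addresses fall outside every assigned block. The function names are assumptions, and the table holds only the four lines quoted in the post, so a miss means "not in this excerpt".

```python
import ipaddress

# Lines copied from the zgrep output in post #3, in the format
# "<file>:<region> <network> <netmask> <status>".
STATS_LINES = """\
IP.ADDR/stats/ARIN.gz:US 140.204.0.0 255.255.0.0 assigned
IP.ADDR/stats/ARIN.gz:US 140.208.0.0 255.255.0.0 assigned
IP.ADDR/stats/ARIN.gz:US 140.209.0.0 255.255.0.0 assigned
IP.ADDR/stats/RIPE.gz:EU 140.203.0.0 255.255.0.0 assigned
"""

def parse_stats(text):
    """Return (network, region, source_file) for every 'assigned' line."""
    blocks = []
    for line in text.splitlines():
        source, _, rest = line.strip().rpartition(":")
        fields = rest.split()
        if len(fields) != 4 or fields[3] != "assigned":
            continue  # blank line or a status we do not treat as in use
        region, net, mask, _status = fields
        try:
            network = ipaddress.ip_network(f"{net}/{mask}")
        except ValueError:
            continue  # malformed network or netmask: skip, do not guess
        blocks.append((network, region, source))
    return blocks

def lookup(addr, blocks):
    """Return (network, region, source_file) covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    for network, region, source in blocks:
        if ip in network:
            return (str(network), region, source)
    return None

def unassigned_sources(addrs, blocks):
    """Deduplicated, numerically sorted addresses not covered by any block."""
    misses = {a for a in addrs if lookup(a, blocks) is None}
    return sorted(misses, key=ipaddress.ip_address)

if __name__ == "__main__":
    table = parse_stats(STATS_LINES)
    # Constructed sample of source addresses, as might be pulled from gateway logs.
    seen = ["140.204.12.1", "140.206.54.174", "140.206.54.174", "140.203.9.9"]
    for addr in unassigned_sources(seen, table):
        print(f"{addr}: no assigned block in table, source address may be forged")
```
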
  4. EL

    donnie Guest

    On Mon, 15 Nov 2004 21:07:56 -0500, duff <>
    wrote:

    >EL wrote:
    >> I have a VPN gateway. I keep seeing this IP address over and over again.
    >> A friend of mine that works in another state says his network sees this
    >> IP 140.206.54.174 also.
    >>
    >> It is not pingable or you can't traceroute to it. So who is it? That address
    >> is trying to VPN in because of the logs we see.
    >>
    >> Thanks
    >>
    >>

    >
    >Well, there are a lot of possibilities. It could be a hack-bot deployed
    >on a computer with a masked IP, which randomly targets different
    >gateways. It could be a glitch in your software as well. However, it is
    >probably a masked IP, if you cannot ping or traceroute it. Which means
    >that it is probably a hacker or a hack-bot.
    >
    >-Duff

    ##########################
    I ran whois on a bunch of whois servers.
    Here are some of the results:
    Networks in this range were allocated by InterNIC prior to the
    formation of Regional Internet Registries (RIRs): APNIC, ARIN, LACNIC
    and RIPE. Address ranges from this historical space have now
    been transferred to the appropriate RIR database. If your search has
    returned this record, it means the address range is not administered
    by APNIC.: Instead, please search one of the following databases:

    I searched all of them and one pointed me to Iana.org which said
    domain not found. Apparently, it is not assigned at all, which is
    hard to believe since there was always talk about IP4 running out of
    addresses.
    donnie.
    I
    donnie, Nov 17, 2004
    #4