Preserved Topic: recognize this IP? $Pages that link to <a href="https://ozoneasylum.com/backlink?for=17212" title="Pages that link to Preserved Topic: recognize this IP?" rel="nofollow" >Preserved Topic: recognize this IP?\$

Author	Thread
JKMabry Maniac (V) Inmate From: out of a sleepy funk Insane since: Aug 2000	posted 10-10-2002 04:48 Anyone recognize this info from ARIN as a possible nefarious source? ---------------------------------------------------------------------------- OrgName: RIPE Network Coordination Centre OrgID: RIPE NetRange: 62.0.0.0 - 62.255.255.255 CIDR: 62.0.0.0/8 NetName: RIPE-C3 NetHandle: NET-62-0-0-0-1 Parent: NetType: Allocated to RIPE NCC NameServer: NS.RIPE.NET NameServer: AUTH03.NS.UU.NET NameServer: NS2.NIC.FR NameServer: SUNIC.SUNET.SE NameServer: MUNNARI.OZ.AU NameServer: NS.APNIC.NET Comment: These addresses have been further assigned to users in the RIPE NCC region. Contact information can be found in the RIPE database at whois.ripe.net RegDate: 1997-04-25 Updated: 2002-09-11 OrgTechHandle: RIPE-NCC-ARIN OrgTechName: Reseaux IP European Network Co-ordination Centre S OrgTechPhone: +31 20 535 4444 OrgTechEmail: nicdb@ripe.net # ARIN Whois database, last updated 2002-10-09 19:05 # Enter ? for additional hints on searching ARIN's Whois database. ----------------------------------------------------------------------------- My firewall just blocked something trying to access this IP from my computer. After looking up the IP it looked familiar but I can't quite put my finger on where I've seen it before. Thought someone here may know? Jason
Suho1004 Maniac (V) Inmate From: Seoul, Korea Insane since: Apr 2002	posted 10-10-2002 07:13 Trying to access the Internet from your computer? Sounds like you've got a program running somewhere trying to phone home. Could be spyware, or it could be something more innocent. You might want to see what progs the system is running currently. As for the IP, it doesn't ring any bells. [Edit: Do you have AdAware? If so, run it and see what comes up.] Cell 270 [This message has been edited by Suho1004 (edited 10-10-2002).]
mr.maX Maniac (V) Mad Scientist From: Belgrade, Serbia Insane since: Sep 2000	posted 10-10-2002 08:04 JKMabry, in the whois report that you posted above, I don't see an exact IP address. So, if you want to get more information you'll have to post exact IP address. All I can say from the report is that IP address falls in 62.0.0.0 - 62.255.255.255 range, which is assigned to RIPE, and since RIPE is responsible for European IP addresses, the server is located somewhere in Europe...
JKMabry Maniac (V) Inmate From: out of a sleepy funk Insane since: Aug 2000	posted 10-10-2002 19:48 I thought the full text of the whois would be enough maX but if it helps any further the specific IP and port: 62.30.10.37:9598 The RIPE rings a bell, if I recall we had someone getting our system at a previous employer out of this same block, I think it was a university in Europe... Jason
Nimraw Paranoid (IV) Inmate From: Styx Insane since: Sep 2000	posted 10-10-2002 20:02 Well the SUNIC.SUNET.SE (nameserver) is the "Swedish University NETwork" They use to be pretty friendly if you're experiencing trouble..
DocOzone Maniac (V) Lord Mad Scientist Sovereign of all the lands Ozone and just beyond that little green line over there... From: Stockholm, Sweden Insane since: Mar 1994	posted 10-10-2002 20:18 Well, to me it appears to be a dynamic IP for a (possibly dialup?) connection through this ISP in the UK, www.blueyonder.co.uk - they would be the people you'd have to call. If you get a responsible sysadmin they'll be able to tell who had that IP at that exact moment. Note that they'll want the exact moment, something like "about 8:00" won't be good enough. Note also that they might not tell you who it was, although they'd probably take some action on their own initiative, hard to tell. (They might do nothing, all depends on the people usually.) Your pal, -doc-

Preserved Topic: recognize this IP?\$

Author

Thread

JKMabry
Maniac (V) Inmate

From: out of a sleepy funk
Insane since: Aug 2000

posted 10-10-2002 04:48

Anyone recognize this info from ARIN as a possible nefarious source?
----------------------------------------------------------------------------

OrgName: RIPE Network Coordination Centre
OrgID: RIPE

NetRange: 62.0.0.0 - 62.255.255.255
CIDR: 62.0.0.0/8
NetName: RIPE-C3
NetHandle: NET-62-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS.RIPE.NET
NameServer: AUTH03.NS.UU.NET
NameServer: NS2.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: MUNNARI.OZ.AU
NameServer: NS.APNIC.NET
Comment: These addresses have been further assigned to users in
the RIPE NCC region. Contact information can be found in
the RIPE database at whois.ripe.net

RegDate: 1997-04-25
Updated: 2002-09-11

OrgTechHandle: RIPE-NCC-ARIN
OrgTechName: Reseaux IP European Network Co-ordination Centre S
OrgTechPhone: +31 20 535 4444
OrgTechEmail: nicdb@ripe.net

# ARIN Whois database, last updated 2002-10-09 19:05
# Enter ? for additional hints on searching ARIN's Whois database.
-----------------------------------------------------------------------------

My firewall just blocked something trying to access this IP *from* my computer. After looking up the IP it looked familiar but I can't quite put my finger on where I've seen it before. Thought someone here may know?

Jason

Suho1004
Maniac (V) Inmate

From: Seoul, Korea
Insane since: Apr 2002

posted 10-10-2002 07:13

Trying to access the Internet from your computer? Sounds like you've got a program running somewhere trying to phone home. Could be spyware, or it could be something more innocent. You might want to see what progs the system is running currently. As for the IP, it doesn't ring any bells.

[Edit: Do you have AdAware? If so, run it and see what comes up.]

Cell 270

[This message has been edited by Suho1004 (edited 10-10-2002).]

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 10-10-2002 08:04

JKMabry, in the whois report that you posted above, I don't see an exact IP address. So, if you want to get more information you'll have to post exact IP address. All I can say from the report is that IP address falls in 62.0.0.0 - 62.255.255.255 range, which is assigned to RIPE, and since RIPE is responsible for European IP addresses, the server is located somewhere in Europe...

JKMabry
Maniac (V) Inmate

From: out of a sleepy funk
Insane since: Aug 2000

posted 10-10-2002 19:48

I thought the full text of the whois would be enough maX but if it helps any further the specific IP and port:

62.30.10.37:9598

The RIPE rings a bell, if I recall we had someone getting our system at a previous employer out of this same block, I think it was a university in Europe...

Jason

Nimraw
Paranoid (IV) Inmate

From: Styx
Insane since: Sep 2000

posted 10-10-2002 20:02

Well the SUNIC.SUNET.SE (nameserver) is the "Swedish University NETwork"

They use to be pretty friendly if you're experiencing trouble..

DocOzone
Maniac (V) Lord Mad Scientist
Sovereign of all the lands Ozone and just beyond that little green line over there...

From: Stockholm, Sweden
Insane since: Mar 1994

posted 10-10-2002 20:18

Well, to me it appears to be a dynamic IP for a (possibly dialup?) connection through this ISP in the UK, www.blueyonder.co.uk - they would be the people you'd have to call. If you get a responsible sysadmin they'll be able to tell who had that IP at that exact moment. Note that they'll want the *exact* moment, something like "about 8:00" won't be good enough. Note also that they might not tell you who it was, although they'd probably take some action on their own initiative, hard to tell. (They might do nothing, all depends on the people usually.)

Your pal, -doc-