| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 61052 | 2005-08-23 06:24:00 | Default Block Bla Trojan horse | Citizen_of_Saturn (8765) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 383109 | 2005-08-23 06:24:00 | I was alerted by Norton Internet Security today that an attack was blocked on my computer right when I turned it on. This is particularly suspicious to me because I only had this computer for a few weeks. These are the details it provided me... Time: 3:43 PM Date: 8-22-2005 Protocol: UDP (Inbound) Remote Address: 192.168.2.16 : 1042 Local Address: 127.0.0.1 : 1042 Location: Default A remote computer (192.168.2.16) attempted to connect to your computer on a port commonly used by a remote access Trojan horse (Default Block Bla Trojan horse). The attempt was blocked.If anyone could trace the IP included or otherwise shed light on this, I'd be tremendously grateful. |
Citizen_of_Saturn (8765) | ||
| 383110 | 2005-08-23 06:29:00 | That IP belongs to an internal IP range, eg from another networked computer within the local network. Is your computer part of a network? Welcome to PressF1 as well :) |
Jen (38) | ||
| 383111 | 2005-08-23 06:32:00 | Query 192.168.2.16 at whois.thur.de Process query: '192.168.2.16' Query recognized as IP. Querying whois.arin.net:43 with whois. OrgName: Internet Assigned Numbers Authority OrgID: IANA Address: 4676 Admiralty Way, Suite 330 City: Marina del Rey StateProv: CA PostalCode: 90292-6695 Country: US NetRange: 192.168.0.0 - 192.168.255.255 CIDR: 192.168.0.0/16 NetName: IANA-CBLK1 NetHandle: NET-192-168-0-0-1 Parent: NET-192-0-0-0-0 NetType: IANA Special Use NameServer: BLACKHOLE-1.IANA.ORG NameServer: BLACKHOLE-2.IANA.ORG Comment: This block is reserved for special purposes. Comment: Please see RFC 1918 for additional information. |
zqwerty (97) | ||
| 383112 | 2005-08-23 06:35:00 | It looks like its a local network address. 127.0.0.1 is localhost 192.168.2.16 sounds like its part of the / a network. If u want to find out WHERE it is, click on the globe on the taskbar, right mouse / show alert when the globe is flashing it'll ask u if u want more info on the ip. Say YES, and it'll bring up a world map, showing u where in the world its coming from. I wouldn't worry about it, the firewall stopped it. Open NIS then go to stats/view logs/alerts, or it maybe under Intrusion detection/firewall. Find this entry and click on the disk to save the log as a txt file. Then go somewhere like here www.all-nettools.com put the originating ip address in the first box. When it tells u where it is, send an email to abuse@whateverisp, if it shows it. |
Speedy Gonzales (78) | ||
| 383113 | 2005-08-23 06:48:00 | That is a local network address. It isn't coming from anywhere on the Internet. It is in one of the groups of addresses which are "non-routable", explicitly made available so that people can have addresses on their own LANs without having to get addresses officially assigned. They are non-routable so you, your neighbour and hundreds of others across the world can use the same addresses in their LANs without causing major problems on the Internet. Look for something in your system, trying to connect to that machine. have you got an ADSL router? That might be the culprit if it has been "got at" from outside, but that's an unusual IP address to be given one to a router. |
Graham L (2) | ||
| 383114 | 2005-08-31 21:46:00 | as the previous guy said thats a local address check and see if your on a wireless net and if so if it is secure | kb9vgr (8766) | ||
| 1 | |||||