I have upgraded to Sygate Personal Firewall. So far I love it! One part of it you have these logs such as Security, Packets and my favorite, Traffic.

According to the "Traffic" log last night, this IP was sniffing around my ports. Anyone have any idea who this is? The Traffic log has built in "Whois" function. This is where this is from. I have seen IANA (sp) before but never this. thanks!!:

% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 0.0.0.0 - 255.255.255.255
netname: IANA-BLK
descr: The whole IPv4 address space
country: NL
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
remarks: The country is really worldwide.
remarks: This address space is assigned at various other places in
remarks: the world and might therefore not be in the RIPE database.
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: RIPE-NCC-HM-MNT
mnt-routes: RIPE-NCC-NONE-MNT
changed: [email protected] 20010529
changed: [email protected] 20020625
source: RIPE

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
e-mail: [email protected]
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: RIPE-NCC-MNT
changed: [email protected] 20010411
source: RIPE

You must have picked up a exploited Mp3....

That shitty IP block then sniffs at your ass for awhile...

Do you remember opening a track in WMP or something like it and having IE pop up with some weird site? If so it's cuz ya'll just got nailed by a lame exploit....

Rearrage your Mp3's so their list is different...thats about all you can do to make it seem like the list wasn't yours.

Makes no difference though...they couldn't do anything even the exploit bit without breaking laws...so fuck 'em.

They're in the wrong and your not....and be careful of what you pick up...find only good sources on Kazaa..unless it's rare it should have at least 50+ sources after afew auto search mores. On programs like DC...just stick to hubs that have been around and are trusted.

um wheres the ip address that goes with the whois
u need to supply the ip address as well
matter of fact even if you do provide this ip address it might not matter since who ever was scanning your ports must of got new ip address today.

point is you need to show us the whole log of said ip address as well as a little more informatin because what u are showing here is just ripe networks with a whois

k supply the information

heh guess someone else answered your question to.
but it would be nice to know the individuals ip address who was snooping about.

I have not DL'ed an mp3 in ages. I'm just getting avi's of Anime cartoons. As a matter of fact, I DID have my mp3 collection shared BUT out of approx. 20 DL's I would have 1 user wanting an mp3, so I un-shared them. I have had WinMX up and running since last Wed. so maybe someone thought I had something illegal.

The way I see the avi's I have/have yet to get is: They are from a TV capture so, therefore, NOT illegal. The only other files I'm sharing are music videos so, again, are NOT illegal.

Am I wrong in assuming this? I mean, TV captures - Anyone who has a TV card can get these. Music videos are just music videos, correct? Who looses $$ on those?

Lemme guess...Lablue Girl WMV files?

WMV/WMA files are open to certain browser exploits...they also cause certain IP's to start pinging you like crazy once they 'lock on'.

Nope, "The Big O".

http://www.wadsnet.com/~merklefam/bigoep2-01a.jpg

http://www.wadsnet.com/~merklefam/New%20Big%20O%20Pics/3rd%20Big%2001.jpg

http://www.wadsnet.com/~merklefam/3rd%20Big2.jpg

http://www.wadsnet.com/~merklefam/bigoep2-16a.jpg

>You must have picked up a exploited Mp3....
Don't jump to conclusions.

To quote from another thread in a newsgroup
>Every time I start my win 2000, my firewall will report
>a invation from IANA:

I blame the creators of "personal firewall" software for
this sort of message. They deliberatly report normal harmless
events as attacks to scare their clueless users. I presume
they hope lusers will spend money on the pro version or
somthing.

>01/26/2003 17:20:20 Executable File Change Denied Major Incoming TCP 0.0.0.0
>24.192.248.41 D:\WINNT\system32\inetsrv\inetinfo.exe 1 01/26/2003 17:20:14
>01/26/2003 17:20:14

The source address is 0.0.0.0
It's just a broadcast packet from your cable modem.

>By traceback, the folowing information was obtained:
You mean "By looking up the owner of the ip address in the public
whois database the following information was obtained which I have
failed to understand".

> Netname: RESERVED-10
This means the range of ip address is not in use on the internet.

IANA allocated blocks of ip addresses to different areas of the work.
The 0.0.0.0 block is not assigned to a regional registry so
it shows up as belonging to IANA.

Originally posted by zaphodiv
>You must have picked up a exploited Mp3....
Don't jump to conclusions.

To quote from another thread in a newsgroup

I'm not actually...lol

Should have said "you might have" but I've seen PC's where they get nailed by a WMV/WMA exploit and it directs them to that IP's DNS and then just sits there...you also notice a bit of upload activity which seems to be uploading a list of files or something of that nature.

Find a video in WMA that has it and you'll see what I mean.

Originally posted by zaphodiv
>You must have picked up a exploited Mp3....
Don't jump to conclusions.

To quote from another thread in a newsgroup

--------------------------------------------------------------------------------
>Every time I start my win 2000, my firewall will report
>a invation from IANA:

I blame the creators of "personal firewall" software for
this sort of message. They deliberatly report normal harmless
events as attacks to scare their clueless users. I presume
they hope lusers will spend money on the pro version or
somthing.

>01/26/2003 17:20:20 Executable File Change Denied Major Incoming TCP 0.0.0.0
>24.192.248.41 D:\WINNT\system32\inetsrv\inetinfo.exe 1 01/26/2003 17:20:14
>01/26/2003 17:20:14

The source address is 0.0.0.0
It's just a broadcast packet from your cable modem.

>By traceback, the folowing information was obtained:
You mean "By looking up the owner of the ip address in the public
whois database the following information was obtained which I have
failed to understand".

> Netname: RESERVED-10
This means the range of ip address is not in use on the internet.

IANA allocated blocks of ip addresses to different areas of the work.
The 0.0.0.0 block is not assigned to a regional registry so
it shows up as belonging to IANA.
--------------------------------------------------------------------------------

Since my fresh install of W2K I have seen this alot. I just tell the software to ignore it.

Try running a WHOIS on the ARIN server rather then RIPE.
There are more listings on that one usually.

IANA is a major nameserver. As you can see it uses port 53 which is DNS.
Harmless really.