[X4U] (no subject)
Nick Scalise
nickscalise at mac.com
Fri Jul 22 16:25:09 PDT 2005
On Jul 22, 2005, at 6:18 PM, John Kiss wrote:
> I just recently decided to turn on my firewall logging. I'm finding
> a lot of Stealth Mode connection attempts in the list. Shown below
> is an example. The 192.168.0.100 is my IP address.
> Who is 38.113.192.83?
38.113.192.83.svwh.net is from "Silicon Valley Web Hosting"
The whois from Arin.net:
whois://38.113.192.83@whois.arin.net
Performance Systems International Inc. PSINETA (NET-38-0-0-0-1)
38.0.0.0 - 38.255.255.255
Performance Systems International Inc. COGENT-NB-0002 (NET-38-112-0-0-1)
38.112.0.0 - 38.119.255.255
> and should I be worried?
Not really. It's probably just a compromised Windows box looking for
other Windows boxes to compromise.
> .... ipfw: Stealth Mode connection attempt to TCP
> 192.168.0.100:49425 from 38.113.192.83:80
Ain't logging great? Tells you all sorts of stuff you wish you never
knew.
If you really want, you could email the folks at svwh.net and ask
them why a machine in their control is attempting to gain access to
your machine.
--
Nick Scalise
nickscalise at mac.com
More information about the X4U
mailing list