Hey, I don't know if this is a problem, or what because I have no idea where these are coming from. Anyways.. When I open up my Firewall log, I can see that I am getting traffic "spammed".
Within 3 hours, I have 7 thousand alerts piled up onto my firewall, which I believe is causing my computer to never sit at 0% CPU usage, it's always near 3-10%, and rarely 1. I have two things to show you:
As you can see my CPU usage is at 5%, which it normally sits at if I am doing absolutely nothing. If you look on the other side, and read the logs you'll see from the IP 83.229.6.130 there were 12 connection attempts. Of course the attempts were denied, but were they actually?
I have Whois-ed the IP above, and I get these results:
Quote:

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 83.0.0.0 - 83.255.255.255
CIDR: 83.0.0.0/8
NetName: 83-RIPE
NetHandle: NET-83-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS3.NIC.FR
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
Comment:
RegDate: 2003-11-17
Updated: 2004-03-16

# ARIN WHOIS database, last updated 2007-09-15 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

This is really odd because if you look at the nameservers there are three different name servers, Apnic.net, ripe.net, and sunet.se. Anyways, I followed the IP to Ripe.net and I get this:
http://www.ripe.net/whois?form_type=simple&full_query_string=&searchtext=83.229.6.130&do_search=Search
** Sorry, I didn't want to put the whole text.
If you look on the page, the person behind the IP is "Jean Paul Tshimanga". It also shows his email address and what not.
So my question after the follow up is... is there something wrong? Is somebody attempting to attack my computer, or is somebody attempting to access something like a radio server on my computer.
(Just so you know I read up on an IP before, and contacted the host. They said that the IP connected with the "attack" was actually my domain's IP, which was really odd...)
Also, last thing, here is the information about the IP, which is also included with my Firewall:
Shows the port and everything, I don't understand it so I was wondering if anybody did.
Okay, to wrap this up, I am wondering if this is anything I really should be worrying about? And if there is, how can I fix it?
Many many MANY thanks! And Merci for reading such a long post!
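
Added example (not part of the original post): a small Python parser for the ARIN-style record quoted above, showing how to read it as a registry-level allocation whose ReferralServer field names the registry to ask next. The function names, the excerpted record and the "/8 or larger" cut-off are assumptions made for this example.

```python
import ipaddress
from urllib.parse import urlparse

# Excerpt of the ARIN record quoted in the post above.
ARIN_RECORD = """\
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
ReferralServer: whois://whois.ripe.net:43
NetRange: 83.0.0.0 - 83.255.255.255
CIDR: 83.0.0.0/8
NetName: 83-RIPE
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: SEC1.APNIC.NET
NameServer: SUNIC.SUNET.SE
# ARIN WHOIS database, last updated 2007-09-15 19:10
"""

def parse_whois(text):
    """Parse 'Key: value' lines into {key: [values]}; keys may repeat or be empty."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "%")):  # registry banner lines
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def triage(ip, text):
    """Summarise what the record says about `ip` and which server to ask next."""
    f = parse_whois(text)
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(c) for c in f.get("CIDR", []) if c]
    covering = [n for n in nets if addr in n]
    ref = urlparse(f["ReferralServer"][0]) if f.get("ReferralServer") else None
    return {
        "org": f.get("OrgName", [""])[0],
        "covering_net": str(covering[0]) if covering else None,
        # Assumption for this example: a /8 or larger is a registry-level
        # allocation, so the record does not describe one customer.
        "registry_block": bool(covering) and covering[0].prefixlen <= 8,
        "next_server": (ref.hostname, ref.port or 43) if ref else None,
        # NameServer lines belong to the block's reverse-DNS delegation,
        # not to the individual host.
        "block_nameservers": f.get("NameServer", []),
    }

if __name__ == "__main__":
    print(triage("83.229.6.130", ARIN_RECORD))
```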
