Internet Shield Alerts





Diablosblizz
Hey, I don't know if this is a problem, or what because I have no idea where these are coming from. Anyways.. When I open up my Firewall log, I can see that I am getting traffic "spammed".

Within 3 hours, I have 7 thousand alerts piled up onto my firewall, which I believe is causing my computer to never sit at 0% CPU usage, it's always near 3-10%, and rarely 1. I have two things to show you:





As you can see, my CPU usage is at 5%, which it normally sits at if I am doing absolutely nothing. If you look on the other side and read the logs, you'll see that from the IP 83.229.6.130 there were 12 connection attempts. Of course the attempts were denied, but were they actually?

I have Whois-ed the IP above, and I get these results:

Quote:
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 83.0.0.0 - 83.255.255.255
CIDR: 83.0.0.0/8
NetName: 83-RIPE
NetHandle: NET-83-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS3.NIC.FR
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
Comment:
RegDate: 2003-11-17
Updated: 2004-03-16

# ARIN WHOIS database, last updated 2007-09-15 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


This is really odd because if you look at the nameservers there are three different name servers, Apnic.net, ripe.net, and sunet.se. Anyways, I followed the IP to Ripe.net and I get this:

http://www.ripe.net/whois?form_type=simple&full_query_string=&searchtext=83.229.6.130&do_search=Search

** Sorry, I didn't want to put the whole text.

If you look on the page, the person behind the IP is "Jean Paul Tshimanga". It also shows his email address and what not.

So my question after the follow-up is... is there something wrong? Is somebody attempting to attack my computer, or is somebody attempting to access something like a radio server on my computer?

(Just so you know, I read up on an IP before, and contacted the host. They said that the IP connected with the "attack" was actually my domain's IP, which was really odd...)

Also, last thing, here is the information about the IP, which is also included with my Firewall:



Shows the port and everything, I don't understand it so I was wondering if anybody did.

Okay, to wrap this up, I am wondering if this is anything I really should be worrying about? And if there is, how can I fix it?

Many many MANY thanks! And Merci for reading such a long post!
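
An added example, not part of the original posts: it reads the ARIN fields quoted in the post above and shows that the record covers the whole 83.0.0.0/8 block allocated to RIPE NCC, with the ReferralServer line naming the registry that holds the actual assignment. The function names are hypothetical; the record text is an excerpt of the fields on this page.

```python
import ipaddress
import re

# Excerpt of the ARIN record quoted in the post (fields copied from the page).
ARIN_RECORD = """\
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
ReferralServer: whois://whois.ripe.net:43
NetRange: 83.0.0.0 - 83.255.255.255
CIDR: 83.0.0.0/8
NetName: 83-RIPE
NetType: Allocated to RIPE NCC
# ARIN WHOIS database, last updated 2007-09-15 19:10
"""

def parse_whois(text):
    """Collect 'Key: value' lines into a dict of lists (keys may repeat)."""
    fields = {}
    for line in text.splitlines():
        if line.startswith("#") or ":" not in line:
            continue  # skip comment lines and blank lines
        key, _, value = line.partition(":")
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def referral(fields):
    """Return (host, port) from a ReferralServer field, or None if absent."""
    for value in fields.get("ReferralServer", []):
        m = re.fullmatch(r"r?whois://([^:/\s]+)(?::(\d+))?/?", value)
        if m:
            return m.group(1), int(m.group(2) or 43)  # 43 is the whois port
    return None

def triage(ip, text):
    """Summarise what a registry-level record says about one source IP."""
    fields = parse_whois(text)
    net = ipaddress.ip_network(fields["CIDR"][0])
    return {
        "ip_in_block": ipaddress.ip_address(ip) in net,
        "block_size": net.num_addresses,        # addresses the record covers
        "follow_referral_to": referral(fields),  # where the real record lives
    }
```
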
coreymanshack
I really don't think this is anything you should be worrying about.
It doesn't seem like someone is trying to attack you to me.
Are you running a server from your computer?
Do you have any ports open that are accessible from the WWW?

1-10% CPU usage by Windows is normal. There are processes that run in the background that take up CPU. Even if you aren't doing anything, your computer is.
Diablosblizz
Yes, I run a radio server on this computer. My radio port is 8000, but if I look at the logs the port is always the same (51426).

I googled the port, and nothing came up. Is this a "ghost" port?
coreymanshack
That's beyond my knowledge, but it seems these requests are coming from that port. I think you are fine. Nothing to worry about.