Re: 140.206.54.174 anyone seen this?

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 11/17/04


Date: Tue, 16 Nov 2004 17:31:07 -0600

In article <hqcmd.6553$GV4.7812191@news4.srv.hcvlny.cv.net>, EL wrote:

>I have a VPN gateway. I keep seeing this IP address over and over again.
>A friend of mine that works in another state says his network sees this
>IP 140.206.54.174 also.

[compton ~]$ arinwhois 140.206.54.174
[whois.arin.net]

No match found for 140.206.54.174.

# ARIN WHOIS database, last updated 2004-11-15 19:10
[compton ~]$ zgrep ' 140.20[3-9]' IP.ADDR/stats/[ALR]*
IP.ADDR/stats/ARIN.gz:US 140.204.0.0 255.255.0.0 assigned
IP.ADDR/stats/ARIN.gz:US 140.208.0.0 255.255.0.0 assigned
IP.ADDR/stats/ARIN.gz:US 140.209.0.0 255.255.0.0 assigned
IP.ADDR/stats/RIPE.gz:EU 140.203.0.0 255.255.0.0 assigned
[compton ~]$

The address is unallocated/unassigned.

>It is not pingable or you can't traceroute to it.

You're posting with windoze outhouse express. The incredibly broken
tracert that comes from microshaft uses ping (ICMP Type 8) rather than
UDP packets that the original traceroute uses. Thus, anyone blocking pings
is going to break the function tracert depends on. However, as there is no
network assigned to use the address space between 140.205.0.0 and
140.207.255.255, the first router with a clue is going to return an ICMP
Type 3 Code 0, 1, 6, or 7, saying you can't get there from here.

>So who is it? That address is trying to VPN in because of the logs we see.

Post the _exact_ logs. If you can run a sniffer like 'ethereal' or 'tcpdump'
or have a passive fingerprinting application like ettercap, NIDS, n0t, natdet,
p0f, or prelude-ids, post the packet headers or signature data.

        Old guy
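
The allocation check done with zgrep in the post above, as an added Python example that is not part of the original message: it parses records in the layout the zgrep output shows (the field order "<file>:<country> <network> <netmask> <status>" is assumed from those four lines) and reports whether a logged source address falls inside any of them. The function names are hypothetical.

```python
import ipaddress

# The four records shown in the post's zgrep output (a sample, not the full files).
SAMPLE_STATS = """\
IP.ADDR/stats/ARIN.gz:US 140.204.0.0 255.255.0.0 assigned
IP.ADDR/stats/ARIN.gz:US 140.208.0.0 255.255.0.0 assigned
IP.ADDR/stats/ARIN.gz:US 140.209.0.0 255.255.0.0 assigned
IP.ADDR/stats/RIPE.gz:EU 140.203.0.0 255.255.0.0 assigned
"""

def parse_stats(text):
    """Return a list of (network, source_file, country, status) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # grep prefixes each hit with "<file>:"; tolerate lines without it.
        source, _, rest = line.rpartition(":")
        fields = rest.split()
        if len(fields) != 4:
            continue  # not a stats record
        country, network, netmask, status = fields
        try:
            net = ipaddress.ip_network(f"{network}/{netmask}", strict=True)
        except ValueError:
            continue  # malformed address, mask, or host bits set
        records.append((net, source, country, status))
    return records

def lookup(address, records):
    """Return the most specific record covering address, or None."""
    ip = ipaddress.ip_address(address)
    hits = [r for r in records if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def triage(addresses, records):
    """Map each logged source address to its covering record or a 'no record' flag."""
    report = {}
    for addr in addresses:
        hit = lookup(addr, records)
        report[addr] = (f"{hit[3]} ({hit[2]}, {hit[1]})" if hit
                        else "no covering record: treat source as unallocated/possibly spoofed")
    return report

if __name__ == "__main__":
    recs = parse_stats(SAMPLE_STATS)
    for addr, verdict in triage(["140.206.54.174", "140.204.10.1"], recs).items():
        print(addr, "->", verdict)
```

A "no covering record" result is only as good as the stats files loaded: run it against complete, current registry data before concluding that an address is unallocated.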


