DJVageli Posted January 29, 2006
This is weird, I run Kaspersky AV and tonight while I was surfing the internet lol, I got a message saying I'm being attacked by this address: 219.66.229.135. I did a whois and it ended up being the IP address of IANA, the organization in charge of IP addresses and protocols... do they hack?

lumpy Posted January 29, 2006
LMAO, that's kinda funny. Hmm, I wonder if they do hack.....

php Posted January 29, 2006
Possibly a spoofed IP...
edit: where did you look it up? http://www.whois.sc/219.66.229.135

FallowEarth Posted January 29, 2006
Nslookup provides this:

    Name: kynfb-06p1-135.ppp11.odn.ad.jp
    Address: 219.66.229.135

Coming from Japan, a country where SNMP traffic is allowed, for the most part. I would guess that it is either somebody in Japan, or somebody tunnelling through a box in Japan. Do you have a router?

amc11890 Posted January 29, 2006
ironic

DJVageli (Author) Posted January 29, 2006
> Nslookup provides this:
> Name: kynfb-06p1-135.ppp11.odn.ad.jp
> Address: 219.66.229.135
> Coming from Japan, a country where SNMP traffic is allowed, for the most part. I would guess that it is either somebody in Japan, or somebody tunnelling through a box in Japan. Do you have a router?

Yeah, I'm behind a router, and it's weird, when I use testmy's whois I get that IANA message, but when I use a different whois I get that Japanese address. What does that mean and what does somebody from Japan want to do with me?

FallowEarth Posted January 29, 2006
> Yeah, I'm behind a router, and it's weird, when I use testmy's whois I get that IANA message, but when I use a different whois I get that Japanese address. What does that mean and what does somebody from Japan want to do with me?

Since you are on a router, I would say that chances are slim that it's an entry attempt from a hacker. Chances are some piece of software on your PC is making the connection, and the return attempt is being blocked. Most likely cause is spyware, but it's possible that a trojan is the culprit. Try www.ewido.net/en/onlinescan to check. Otherwise, update all your AV/Anti-Spyware programs, and try hijackthis maybe.

DJVageli (Author) Posted January 29, 2006
> Since you are on a router, I would say that chances are slim that it's an entry attempt from a hacker. Chances are some piece of software on your PC is making the connection, and the return attempt is being blocked. Most likely cause is spyware, but it's possible that a trojan is the culprit. Try www.ewido.net/en/onlinescan to check. Otherwise, update all your AV/Anti-Spyware programs, and try hijackthis maybe.

OK, sounds good, I'll try that online scan right now, and then hijackthis after. If it's a trojan, this is the first time I'm getting something like this... besides last week when I saw some UK IP address trying to make a connection.

Blunted 2 Posted January 29, 2006
> This is weird, I run Kaspersky AV and tonight while I was surfing the internet lol, I got a message saying I'm being attacked by this address: 219.66.229.135. I did a whois and it ended up being the IP address of IANA, the organization in charge of IP addresses and protocols... do they hack?

I get that a lot from this IP and don't have any idea why they would scan the crap out of me.

    10.50.192.1
    Host unreachable
    10.0.0.0 - 10.255.255.255
    Internet Assigned Numbers Authority
    4676 Admiralty Way, Suite 330
    Marina del Rey CA 90292-6695
    United States
    Internet Corporation for Assigned Names and Number
    +1-310-301-5820
    [email protected]
    Abuse: Internet Corporation for Assigned Names and Number
    +1-310-301-5820
    [email protected]
    BLACKHOLE-1.IANA.ORG
    BLACKHOLE-2.IANA.ORG
    RESERVED-10
    Updated: 2002-09-12
    Source: whois.arin.net

DJVageli (Author) Posted January 29, 2006
Where do I post hijackthis log?

FallowEarth Posted January 29, 2006
> I get that a lot from this IP and don't have any idea why they would scan the crap out of me.
> 10.50.192.1

Looks like your modem.

> Where do I post hijackthis log?

Try posting here: http://hjt.networktechs.com/

DJVageli (Author) Posted January 29, 2006
Just now I supposedly got attacked by 61.185.36.133 and this is very weird... if it wasn't for Kaspersky I wouldn't know lol, or maybe it's wrong and being very annoying, but this is the latest one.

RTB Posted January 29, 2006
You shouldn't be paying too much attention to the blocked ones, worries should be about those not blocked.

Blunted 2 Posted January 29, 2006
> Looks like your modem.
> Try posting here: http://hjt.networktechs.com/

Nah man, I know my modem and that's not it.

Dark_Matter Posted January 29, 2006
Special-Use Addresses

Several address ranges are reserved for "Special Use". These addresses all have restrictions of some sort placed on their use, and in general should not appear in normal use on the public Internet. The following briefly documents these addresses

Dark_Matter Posted January 29, 2006

    whois 219.66.229.135
    % [whois.apnic.net node-2]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    inetnum: 219.66.0.0 - 219.67.255.255
    netname: ODN
    descr: JAPAN TELECOM CO.,LTD.
    descr: Hatcho-bori 4-7-1,Chuo-ku,Tokyo 104-8508,Japan
    country: JP
    admin-c: JNIC1-AP
    tech-c: JNIC1-AP
    status: ALLOCATED PORTABLE
    remarks: Email address for spam or abuse complaints : [email protected]
    mnt-by: MAINT-JPNIC
    mnt-lower: MAINT-JPNIC
    changed: [email protected] 20031210
    changed: [email protected] 20050713
    source: APNIC

    role: Japan Network Information Center
    address: Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
    address: Chiyoda-ku, Tokyo 101-0047, Japan
    country: JP
    phone: +81-3-5297-2311
    fax-no: +81-3-5297-2312
    e-mail: [email protected]
    admin-c: JI13-AP
    tech-c: JE53-AP
    nic-hdl: JNIC1-AP
    mnt-by: MAINT-JPNIC
    changed: [email protected] 20041222
    changed: [email protected] 20050324
    changed: [email protected] 20051027
    source: APNIC

    inetnum: 219.66.0.0 - 219.66.255.255
    netname: ODN
    descr: Open Data Network(JAPAN TELECOM CO.,LTD.)
    country: JP
    admin-c: YN234JP
    tech-c: YN234JP
    remarks: This information has been partially mirrored by APNIC from
    remarks: JPNIC. To obtain more specific information, please use the
    remarks: JPNIC WHOIS Gateway at
    remarks: http://www.nic.ad.jp/en/db/whois/en-gateway.html or
    remarks: whois.nic.ad.jp for WHOIS client. (The WHOIS client
    remarks: defaults to Japanese output, use the /e switch for English
    remarks: output)
    changed: [email protected] 20031219
    source: JPNIC

Dark_Matter Posted January 29, 2006

    whois 10.50.192.1
    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 10.0.0.0 - 10.255.255.255
    CIDR: 10.0.0.0/8
    NetName: RESERVED-10
    NetHandle: NET-10-0-0-0-1
    Parent:
    NetType: IANA Special Use
    NameServer: BLACKHOLE-1.IANA.ORG
    NameServer: BLACKHOLE-2.IANA.ORG
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 1918 for additional information.
    Comment:
    RegDate:
    Updated: 2002-09-12

    OrgAbuseHandle: IANA-IP-ARIN
    OrgAbuseName: Internet Corporation for Assigned Names and Number
    OrgAbusePhone: +1-310-301-5820
    OrgAbuseEmail: [email protected]

    OrgTechHandle: IANA-IP-ARIN
    OrgTechName: Internet Corporation for Assigned Names and Number
    OrgTechPhone: +1-310-301-5820
    OrgTechEmail: [email protected]

    # ARIN WHOIS database, last updated 2006-01-28 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

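
Added example, not part of the thread: the whois output above shows 10.50.192.1 inside the RFC 1918 block 10.0.0.0/8, where IANA is listed only as holder of the reservation, while 219.66.229.135 is covered by two nested registry records. This Python sketch checks the RFC 1918 ranges first and otherwise picks the smallest registered range containing the address; the function names are illustrative and the sample text is trimmed from the APNIC output quoted in the thread.

```python
import ipaddress

# RFC 1918 private blocks (a subset of the special-use address space).
SPECIAL_USE = {
    "10.0.0.0/8": "RFC 1918 private",
    "172.16.0.0/12": "RFC 1918 private",
    "192.168.0.0/16": "RFC 1918 private",
}

# Trimmed from the APNIC whois output quoted in the thread.
APNIC_SAMPLE = """\
inetnum: 219.66.0.0 - 219.67.255.255
netname: ODN
descr: JAPAN TELECOM CO.,LTD.
inetnum: 219.66.0.0 - 219.66.255.255
netname: ODN
descr: Open Data Network(JAPAN TELECOM CO.,LTD.)
"""

def special_use(ip):
    """Return a label if ip is in a listed special-use block, else None."""
    addr = ipaddress.ip_address(ip)
    for cidr, label in SPECIAL_USE.items():
        if addr in ipaddress.ip_network(cidr):
            return label
    return None

def parse_ranges(whois_text):
    """Collect records opened by APNIC 'inetnum' or ARIN 'NetRange' lines."""
    records = []
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key in ("inetnum", "netrange"):
            first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
            records.append({"first": first, "last": last})
        elif records and key in ("netname", "descr"):
            records[-1].setdefault(key, value)  # keep the first value per field
    return records

def owner(ip, whois_text):
    """Special-use label, or the description of the smallest range containing ip."""
    label = special_use(ip)
    if label:
        return label
    addr = ipaddress.ip_address(ip)
    hits = [r for r in parse_ranges(whois_text) if r["first"] <= addr <= r["last"]]
    best = min(hits, key=lambda r: int(r["last"]) - int(r["first"]), default=None)
    return best.get("descr", "unnamed range") if best else "no matching range"
```
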
Dark_Matter Posted January 29, 2006
I always use the whois system on my dedicated Linux boxes; I always get a more accurate return with them than I do with any web-based whois system. With the help of the whois system on my Linux box, and nmap, there's not much you can't get when briefly investigating a network IP range or system.

Dark_Matter Posted January 29, 2006

    nmap -sP 219.66.229.135
    Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-01-29 05:37 EST
    Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
    Nmap finished: 1 IP address (0 hosts up) scanned in 2.068 seconds

It appears whoever was using this address, they won't be now; it is indeed down. I ran some other tests after this, and this IP is inactive at the moment.