B.I.S.S. Forums > Problem IP address

themechanic2007

Jun 29 2008, 12:24 AM

I was reviewing my Logs and found this entry,

BLOCKED [!] - Destination is Hurricane Electric, adpopper.outblaze.com, TopMo... (64.62.145.163) [Protocol: TCP - src: 2099 / dst: 6969]

Now, The strange part is, I have Blacklisted that IP in my router. Is it a trojan downloader? What is the
REAL IP?

And one more,

2008/06/27 20:57:16 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2047 / dst: 80]
2008/06/27 20:57:16 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2048 / dst: 80]
2008/06/27 20:57:19 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2047 / dst: 80]
2008/06/27 20:57:19 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2048 / dst: 80]
2008/06/27 20:57:24 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2047 / dst: 80]
2008/06/27 20:57:24 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2048 / dst: 80]
2008/06/27 20:57:31 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2087 / dst: 80]
2008/06/27 20:57:31 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2088 / dst: 80]
2008/06/27 20:57:34 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2087 / dst: 80]
2008/06/27 20:57:34 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2088 / dst: 80]
2008/06/27 20:57:37 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2106 / dst: 80]
2008/06/27 20:57:37 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2107 / dst: 80]
2008/06/27 20:57:40 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2106 / dst: 80]

Even though I have contacted the Host, They ASSURE me that it is just content delivery, However I have 5 pages FULL of these (Looks like port scans to me!).

Please Advise!

I am running Protowall 2.01/build 7! (The only one I could get to work properly).

rzvvts

Jun 29 2008, 02:21 PM

QUOTE

I was reviewing my Logs and found this entry,

BLOCKED [!] - Destination is Hurricane Electric, adpopper.outblaze.com, TopMo... (64.62.145.163) [Protocol: TCP - src: 2099 / dst: 6969]

Now, The strange part is, I have Blacklisted that IP in my router. Is it a trojan downloader? What is the
REAL IP?

64.62.145.163 bt.downloadanime.org
Port 6969 is commonly used by bittorrent trackers.
Meaning you either got hax0red like you suggested or been keeping up with the latest and the lamest in Naruto.
It was your bt client connecting to the tracker.
Whenever in doubt use TCPView to see network enabled processes and the ports they use.

themechanic2007

Jun 29 2008, 08:23 PM

QUOTE (rzvvts @ Jun 29 2008, 07:21 AM)

64.62.145.163 bt.downloadanime.org
Port 6969 is commonly used by bittorrent trackers.
Meaning you either got hax0red like you suggested or been keeping up with the latest and the lamest in Naruto.
It was your bt client connecting to the tracker.
Whenever in doubt use TCPView to see network enabled processes and the ports they use.

Thanks for the quick reply:) And I have found that another machine on MY LAN has been using a
torrent tracker for BLEACH (same concept). Although this still leaves this one,

2008/06/27 20:57:40 [<-] BLOCKED [!] - Destination is Panther Express Corp (66.114.50.43) [Protocol: TCP - src: 2106 / dst: 80]

Stange part about this one, their IP/DNS name keeps changing. Makes one wonder!