Unknown IP address showing up in log

tmcmulli · 04-23-2008

I'm running Vista 64-bit, OneCare firewall, and have just downloaded and run ESET AV. I have an outbound ip address showing up in a sniffer log about every 5 minutes or so, only from this one machine. The IP address does not resolve, and doesn't seem to exist, but the fact that my machine is trying to reach out bugs me.

I found the problem on Airsnare, and caught the outbound ICMP request via Ethereal. Inside of a Linksys router, with only a non-standard VNC port forwarded to this machine.

Any ideas are GREATLY appreciated.

**dmex** · 04-24-2008

You can check with network-tools.com and see who is the registrant of the domain...Whats the IP?

tmcmulli · 04-24-2008

	Quote:	dmex
	You can check with network-tools.com and see who is the registrant of the domain...Whats the IP?

I looked it up at whois and that didn't lead anywhere. Network-tools.com has it listed to bbnplanet.net, with a reference to markmonitor.com. Starting to definitely look like spyware, but three anti-spy programs have had zero results.

IP is 4.25.17.65.. system is hitting this address every two-three minutes, but the log shows the ip address doesn't exist. Thank God...

**dmex** · 04-24-2008

I used another site Whois record for 4.25.17.65 and the results say the IP is owned by Las Vegas Little Theatre: By The Community, For The Community so I have no idea who owns that IP address try some of these sites and see if they all report a similar registrant whois - Google Search....

The IP address is active and responding to ping requests and not all malware/spyware is included in the latest definition updates (spybot S+D allows you to download beta updates, try them) so you might/might not have an infection but any system constantly hitting that IP is curious and an anomaly...

tmcmulli · 04-26-2008

Unfortunately, LVLT is Level Three... that's their class A IP license...so no way of knowing who this thing is registered to from what I can tell. Spybot also didn't kill off anything. I even turned off my firewall (OneCare) for everything except VMware (the sniffer doesn't run under 64-bit).

So my next steps are to get a better firewall, or find a sniffer program that runs under 64-bit Vista. Out of my 7 machines running, this is the only one hitting that ip address...the more I search, the more confused I get...

tmcmulli · 04-26-2008

Looks like Airsnare was the culprit. I move the sniffer software to another machine, and the phantom ip address followed Airsnare, so I'm looking for new sniffer software...

so pissed right now....

04-23-2008	#1 (permalink)
tmcmulli Newbie Join Date: Apr 2008 Vista Ultimate 32 and 64 Posts: 4	Unknown IP address showing up in log I'm running Vista 64-bit, OneCare firewall, and have just downloaded and run ESET AV. I have an outbound ip address showing up in a sniffer log about every 5 minutes or so, only from this one machine. The IP address does not resolve, and doesn't seem to exist, but the fact that my machine is trying to reach out bugs me. I found the problem on Airsnare, and caught the outbound ICMP request via Ethereal. Inside of a Linksys router, with only a non-standard VNC port forwarded to this machine. Any ideas are GREATLY appreciated.

04-24-2008	#2 (permalink)
dmex ʛٯᴙᵁ Join Date: May 2007 Vista Ultimate Posts: 1,716 Location: Fremantle, Western Australia	Re: Unknown IP address showing up in log You can check with network-tools.com and see who is the registrant of the domain...Whats the IP?

04-24-2008	#4 (permalink)
dmex ʛٯᴙᵁ Join Date: May 2007 Vista Ultimate Posts: 1,716 Location: Fremantle, Western Australia	Re: Unknown IP address showing up in log I used another site Whois record for 4.25.17.65 and the results say the IP is owned by Las Vegas Little Theatre: By The Community, For The Community so I have no idea who owns that IP address try some of these sites and see if they all report a similar registrant whois - Google Search.... The IP address is active and responding to ping requests and not all malware/spyware is included in the latest definition updates (spybot S+D allows you to download beta updates, try them) so you might/might not have an infection but any system constantly hitting that IP is curious and an anomaly...

04-26-2008	#5 (permalink)
tmcmulli Newbie Join Date: Apr 2008 Vista Ultimate 32 and 64 Posts: 4	Re: Unknown IP address showing up in log Unfortunately, LVLT is Level Three... that's their class A IP license...so no way of knowing who this thing is registered to from what I can tell. Spybot also didn't kill off anything. I even turned off my firewall (OneCare) for everything except VMware (the sniffer doesn't run under 64-bit). So my next steps are to get a better firewall, or find a sniffer program that runs under 64-bit Vista. Out of my 7 machines running, this is the only one hitting that ip address...the more I search, the more confused I get...

04-26-2008	#6 (permalink)
tmcmulli Newbie Join Date: Apr 2008 Vista Ultimate 32 and 64 Posts: 4	Re: Unknown IP address showing up in log: Solved Looks like Airsnare was the culprit. I move the sniffer software to another machine, and the phantom ip address followed Airsnare, so I'm looking for new sniffer software... so pissed right now....

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode