Unknown IP address showing up in log

[tmcmulli]

I'm running Vista 64-bit, OneCare firewall, and have just downloaded and run ESET AV. I have an outbound ip address showing up in a sniffer log about every 5 minutes or so, only from this one machine. The IP address does not resolve, and doesn't seem to exist, but the fact that my machine is trying to reach out bugs me.

I found the problem on Airsnare, and caught the outbound ICMP request via Ethereal. Inside of a Linksys router, with only a non-standard VNC port forwarded to this machine.

Any ideas are GREATLY appreciated.

 

[dmex]

You can check with network-tools.com and see who is the registrant of the domain...Whats the IP?

 

[tmcmulli]

You can check with network-tools.com and see who is the registrant of the domain...Whats the IP?

I looked it up at whois and that didn't lead anywhere. Network-tools.com has it listed to bbnplanet.net, with a reference to markmonitor.com. Starting to definitely look like spyware, but three anti-spy programs have had zero results.

IP is 4.25.17.65.. system is hitting this address every two-three minutes, but the log shows the ip address doesn't exist. Thank God...

 

[dmex]

I used another site Whois record for 4.25.17.65 and the results say the IP is owned by Las Vegas Little Theatre: By The Community, For The Community so I have no idea who owns that IP address try some of these sites and see if they all report a similar registrant whois - Google Search....

The IP address is active and responding to ping requests and not all malware/spyware is included in the latest definition updates (spybot S+D allows you to download beta updates, try them) so you might/might not have an infection but any system constantly hitting that IP is curious and an anomaly...

 

[tmcmulli]

Unfortunately, LVLT is Level Three... that's their class A IP license...so no way of knowing who this thing is registered to from what I can tell. Spybot also didn't kill off anything. I even turned off my firewall (OneCare) for everything except VMware (the sniffer doesn't run under 64-bit).

So my next steps are to get a better firewall, or find a sniffer program that runs under 64-bit Vista. Out of my 7 machines running, this is the only one hitting that ip address...the more I search, the more confused I get...

 

[tmcmulli]

Re: Unknown IP address showing up in log: Solved

Looks like Airsnare was the culprit. I move the sniffer software to another machine, and the phantom ip address followed Airsnare, so I'm looking for new sniffer software...

so pissed right now....