#1 On 23/09/2005, at 08:01
- Orphée
Suspicious ping requests always coming from the same IP?
Hello, I'd like your opinion: I'm constantly receiving ping requests coming from this IP:
145.254.11.150
the hostname:
han-145-354-11-150.arcor-ip.net
Does anyone know where this comes from? An application I might have installed?
Under Windows I don't get these requests.
I'm behind a Freebox in router mode.
It happens at my place but also at a friend's, who is also on a Freebox.
I couldn't find any more information about this address...
See you
Offline
#2 On 23/09/2005, at 11:57
- Valère
Re: Suspicious ping requests always coming from the same IP?
Some information about this IP:
145.254.11.150 resolved to han-145-254-11-150.arcor-ip.net
DNS Query Results:
; <<>> DiG 9.2.2-P3 <<>> any han-145-254-11-150.arcor-ip.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54505
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;han-145-254-11-150.arcor-ip.net. IN ANY
;; ANSWER SECTION:
han-145-254-11-150.arcor-ip.net. 43200 IN A 145.254.11.150
;; Query time: 229 msec
;; SERVER: 80.245.58.1#53(80.245.58.1)
;; WHEN: Fri Sep 23 12:55:14 2005
;; MSG SIZE rcvd: 65
WWWhois Results:
Connecting to whois.crsnic.net...
NOT FOUND: No match for 145.254.11.150
Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
No match for "145.254.11.150".
>>> Last update of whois database: Fri, 23 Sep 2005 02:11:18 EDT <<<
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
IP Whois Results:
Connecting to whois.arin.net...
Deferred to specific whois server: whois.ripe.net...
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '145.254.11.0 - 145.254.11.255'
inetnum: 145.254.11.0 - 145.254.11.255
netname: ARCOR-BACKBONE-HAN-NET1
descr: Arcor AG & Co
descr: Alfred-Herrhausen-Allee 1
descr: D-65760 Eschborn
descr: Germany
country: DE
admin-c: ANOC1-RIPE
tech-c: ANOC1-RIPE
status: ASSIGNED PA
mnt-by: ARCOR-MNT
source: RIPE # Filtered
role: Mannesmann Arcor Network Operation Center
address: Arcor AG & Co.KG
address: Department TBN
address: Otto-Volger-Str. 19
address: D-65843 Sulzbach/Ts.
address: Germany
phone: +49 6196 523 0864
remarks: trouble: Security issues mailto:abuse@arcor-ip.de
remarks: trouble: Information http://www.arcor.net
remarks: trouble: Peering contact mailto:peering@adm.arcor.net
remarks: trouble: Operational issues mailto:noc@adm.arcor.net
remarks: trouble: Address assignment mailto:ip-registry@arcor.net
admin-c: PN667-RIPE
admin-c: SM9000-RIPE
admin-c: JS19072-RIPE
admin-c: DH6636-RIPE
admin-c: AR9338-RIPE
admin-c: TK11590-RIPE
admin-c: RH12597-RIPE
admin-c: MW877-RIPE
admin-c: FB3293-RIPE
tech-c: NH15-RIPE
nic-hdl: ANOC1-RIPE
mnt-by: ARCOR-MNT
source: RIPE # Filtered
abuse-mailbox: abuse@arcor-ip.de
% Information related to '145.254.0.0/16AS3209'
route: 145.254.0.0/16
descr: ARCOR-IP
origin: AS3209
mnt-by: ARCOR-MNT
source: RIPE # Filtered
Checking Port 80...
Warning: fsockopen(): unable to connect to 145.254.11.150:80 in /export/lg.hostingfrance.com/htdocs/index.php on line 309
Port 80 does not appear to be open.
Ping Results:
PING 145.254.11.150 (145.254.11.150) 56(84) bytes of data.
64 bytes from 145.254.11.150: icmp_seq=0 ttl=249 time=38.2 ms
64 bytes from 145.254.11.150: icmp_seq=1 ttl=249 time=140 ms
64 bytes from 145.254.11.150: icmp_seq=2 ttl=249 time=37.3 ms
64 bytes from 145.254.11.150: icmp_seq=3 ttl=249 time=391 ms
64 bytes from 145.254.11.150: icmp_seq=4 ttl=249 time=37.5 ms
--- 145.254.11.150 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4045ms
rtt min/avg/max/mdev = 37.395/129.098/391.891/137.286 ms, pipe 2
Traceroute Results:
1 switch2-vlan2-backbone (80.245.58.12) 0.549 ms 0.491 ms 0.463 ms
2 fe-ve99-0-5.br6.th2.fr.ovanet.net (80.245.58.45) 16.096 ms 15.368 ms 15.289 ms
3 ge-ve33-2-8.br2.th2.fr.eurowan.net (85.12.148.26) 16.173 ms 15.204 ms 16.067 ms
4 194.68.129.139 (194.68.129.139) 15.647 ms 15.375 ms 15.434 ms
5 dus-145-254-19-117.arcor-ip.net (145.254.19.117) 36.176 ms 36.393 ms 50.110 ms
6 esn-145-254-19-177.arcor-ip.net (145.254.19.177) 36.161 ms 36.316 ms 36.316 ms
7 han-145-254-18-242.arcor-ip.net (145.254.18.242) 37.106 ms 36.223 ms 36.750 ms
8 * * *
9 * * *
10 * * *
11 han-145-254-11-150.arcor-ip.net (145.254.11.150) 37.670 ms * *
1984 was not supposed to be an instruction manual
hostux.net mail/jabber server + image hosting.
Offline
#3 On 23/09/2005, at 16:06
- Orphée
Re: Suspicious ping requests always coming from the same IP?
Thanks! But that doesn't tell me much more...
How do I list all the applications trying to connect to the internet?
Last edited by Orphée (on 23/09/2005, at 16:16)
Offline
#4 On 23/09/2005, at 17:06
- dawar
Re: Suspicious ping requests always coming from the same IP?
sudo netstat -pa |grep tcp to see the TCP connections.
If there is no solution, it's because there is no problem (Shadoks motto)
Offline
#5 On 23/09/2005, at 17:15
- Orphée
Re: Suspicious ping requests always coming from the same IP?
I suspect one of my processes is shady, because I changed the Firestarter rules to block any undefined outbound traffic, and I no longer get pings coming from this IP; so I assume it's a process going out, and when the other side replied, Firestarter blocked it.
Offline
#6 On 23/09/2005, at 17:30
- Orphée
Re: Suspicious ping requests always coming from the same IP?
tcp 0 0 *:8000 *:* LISTEN 11341/python
tcp 0 0 localhost.localdo:32769 *:* LISTEN -
tcp 0 0 localhost.localdo:32770 *:* LISTEN -
tcp 0 0 *:614 *:* LISTEN -
tcp 0 0 *:netbios-ssn *:* LISTEN -
tcp 0 0 *:5900 *:* LISTEN 8179/vino-server
tcp 0 0 *:sunrpc *:* LISTEN -
tcp 0 0 localhost.localdo:64976 *:* LISTEN 8243/wish
tcp 0 0 localhost.localdoma:ipp *:* LISTEN -
tcp 0 0 *:nessus *:* LISTEN -
tcp 0 0 localhost.localdomai:25 *:* LISTEN -
tcp 0 0 *:gdomap *:* LISTEN -
tcp 0 0 *:microsoft-ds *:* LISTEN -
tcp 0 0 localhost.localdo:49365 localhost.localdo:32769 ESTABLISHED-
tcp 0 0 192.168.0.100:57816 baym4-sb3.messenge:1863 CLOSE_WAIT 8243/wish
tcp 0 0 192.168.0.100:42584 baym-cs196.msgr.ho:1863 ESTABLISHED8243/wish
tcp 0 0 localhost.localdoma:ipp localhost.localdo:50636 ESTABLISHED-
tcp 0 0 192.168.0.100:50886 baym-sb49.msgr.hot:1863 CLOSE_WAIT 8243/wish
tcp 0 0 localhost.localdo:32769 localhost.localdo:49365 ESTABLISHED-
tcp 0 0 192.168.0.100:58099 baym-sb112.msgr.ho:1863 CLOSE_WAIT 8243/wish
tcp 0 0 192.168.0.100:41733 baym-sb12.msgr.hot:1863 CLOSE_WAIT 8243/wish
tcp 0 0 192.168.0.100:55602 ns0.apinc.org:www ESTABLISHED12098/firefox-bin
tcp 0 0 192.168.0.100:55603 ns0.apinc.org:www ESTABLISHED12098/firefox-bin
tcp 0 0 localhost.localdo:50636 localhost.localdoma:ipp ESTABLISHED8233/gnome-cups-ico
tcp 0 0 192.168.0.100:41928 baym4-sb11.messeng:1863 ESTABLISHED8243/wish
tcp 0 0 192.168.0.100:57981 baym4-sb10.messeng:1863 CLOSE_WAIT 8243/wish
tcp6 0 0 *:ssh *:* LISTEN -
Offline
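Added example (not part of the thread and not code from any poster): a small Python parser for the `netstat -pa | grep tcp` listing in #6. It separates listeners reachable from the network from loopback-only ones and names the process behind each non-local connection. The sample lines are a subset of that post; the function names are chosen for this illustration.

```python
import re

# Subset of the `netstat -pa | grep tcp` output posted in #6 of the thread.
SAMPLE = """\
tcp 0 0 *:8000 *:* LISTEN 11341/python
tcp 0 0 localhost.localdo:32769 *:* LISTEN -
tcp 0 0 *:5900 *:* LISTEN 8179/vino-server
tcp 0 0 *:nessus *:* LISTEN -
tcp 0 0 localhost.localdo:49365 localhost.localdo:32769 ESTABLISHED-
tcp 0 0 192.168.0.100:42584 baym-cs196.msgr.ho:1863 ESTABLISHED8243/wish
tcp 0 0 192.168.0.100:57816 baym4-sb3.messenge:1863 CLOSE_WAIT 8243/wish
tcp6 0 0 *:ssh *:* LISTEN -
"""
# Longest state names first, so CLOSE_WAIT is never read as CLOSE + "_WAIT".
STATES = sorted("LISTEN ESTABLISHED CLOSE_WAIT TIME_WAIT SYN_SENT SYN_RECV "
                "FIN_WAIT1 FIN_WAIT2 LAST_ACK CLOSING CLOSE".split(),
                key=len, reverse=True)
# \s* after the state: netstat runs "ESTABLISHED" into the PID/program column.
LINE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s+(%s)\s*(\S*)$"
                  % "|".join(STATES))

def parse(text):
    """Return (local, foreign, state, prog) tuples; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            local, foreign, state, owner = m.groups()
            pid, _, prog = owner.partition("/")
            # "-" means netstat could not name the owner (kernel socket, or
            # netstat was not run as root): prog is None in that case.
            rows.append((tuple(local.rsplit(":", 1)),
                         tuple(foreign.rsplit(":", 1)),
                         state, prog if pid.isdigit() else None))
    return rows

def is_loopback(host):
    # netstat truncates names, so "localhost.localdo" must match too.
    return host.startswith(("localhost", "127.")) or host == "::1"

def triage(rows):
    """Split rows into network-reachable listeners and non-local peers."""
    exposed, external = [], []
    for local, foreign, state, prog in rows:
        if state == "LISTEN":
            if not is_loopback(local[0]):
                exposed.append((local[1], prog))
        elif not is_loopback(foreign[0]):
            external.append((prog, ":".join(foreign), state))
    return exposed, external
```

ICMP echo traffic is not TCP, so the pings themselves never appear in this listing; it only shows which processes hold TCP sockets.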