Odd IP.
on 04.05.2007 22:34:17 by Anders
A couple of days ago I found this in my router's log; there is nothing
peculiar or alarming about it.
But when I try to look up the IP, all the services I have used so far
say the IP doesn't exist.
-------------------------------
Thursday May 03, 2007 13:08:54 Unrecognized attempt blocked from
218.150.110.9:2270 to 83.252.171.112 TCP:3128
Thursday May 03, 2007 13:09:15 Unrecognized attempt blocked from
218.150.110.9:2328 to 83.252.171.112 TCP:6588
Thursday May 03, 2007 13:08:33 Unrecognized attempt blocked from
218.150.110.9:2217 to 83.252.171.112 TCP:8080
-------------------------------
A traceroute tells me that the IP is in use and is responding.
-------------------------------
:~$ traceroute 218.150.110.9
traceroute to 218.150.110.9 (218.150.110.9), 30 hops max, 40 byte packets
1 ipcop.ajjas.localdomain (192.168.xx.xx) 2.049 ms 0.509 ms 0.450 ms
*
* Snipped it down a little
*
27 218.150.110.9 (218.150.110.9) 358.686 ms 364.649 ms 382.702 ms
-------------------------------
Is there any way to find out more on this IP '218.150.110.9'?
/Anders
Re: Odd IP.
on 04.05.2007 23:46:04 by Sebastian Gottschalk
Anders wrote:
> Is there any way to find out more on this IP '218.150.110.9'?
I really wonder... you know 'traceroute', but you don't know 'whois'?
Besides that, why should you care? Obviously some dude thought you have an
HTTP proxy running, probably due to some stupid proxy list entry.
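The pattern described in this reply can be read straight off the router log: one source trying several well-known proxy ports within seconds. The following is an added example, not part of the original thread; the port-to-product table and the function names are assumptions, and the log lines are the three entries from the first post, each joined onto one line.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The three router log entries from the first post, unwrapped to one line each.
LOG = """\
Thursday May 03, 2007 13:08:54 Unrecognized attempt blocked from 218.150.110.9:2270 to 83.252.171.112 TCP:3128
Thursday May 03, 2007 13:09:15 Unrecognized attempt blocked from 218.150.110.9:2328 to 83.252.171.112 TCP:6588
Thursday May 03, 2007 13:08:33 Unrecognized attempt blocked from 218.150.110.9:2217 to 83.252.171.112 TCP:8080
"""

# Assumption: default listening ports of common HTTP proxy software.
PROXY_PORTS = {3128: "Squid", 6588: "AnalogX Proxy", 8080: "generic HTTP proxy"}

LINE_RE = re.compile(
    r"^\w+ (?P<ts>\w+ \d{2}, \d{4} \d{2}:\d{2}:\d{2}) Unrecognized attempt blocked "
    r"from (?P<src>[\d.]+):\d+ to [\d.]+ (?P<proto>TCP|UDP):(?P<dport>\d+)$"
)

def parse(log):
    """Return (timestamp, source IP, protocol, destination port), oldest first."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not "blocked" entries
        ts = datetime.strptime(m["ts"], "%b %d, %Y %H:%M:%S")
        events.append((ts, m["src"], m["proto"], int(m["dport"])))
    return sorted(events)

def proxy_probes(events, window=timedelta(minutes=5), min_ports=2):
    """Flag sources that hit at least min_ports distinct proxy ports and whose
    first and last such hit lie no more than `window` apart."""
    by_src = defaultdict(list)
    for ts, src, proto, dport in events:
        if proto == "TCP" and dport in PROXY_PORTS:
            by_src[src].append((ts, dport))
    findings = {}
    for src, hits in by_src.items():
        ports = sorted({port for _, port in hits})
        span = hits[-1][0] - hits[0][0]
        if len(ports) >= min_ports and span <= window:
            findings[src] = {"ports": ports, "seconds": int(span.total_seconds())}
    return findings

if __name__ == "__main__":
    print(proxy_probes(parse(LOG)))
```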
Re: Odd IP.
on 05.05.2007 00:23:04 by Anders
Sebastian G. wrote:
> I really wonder... you know 'traceroute', but you don't know 'whois'?
Just for you Sebastian, so that you can see for yourself.
http://ws.arin.net/cgi-bin/whois.pl :
-----------------------------------
NetRange: 218.0.0.0 - 218.255.255.255
CIDR: 218.0.0.0/8
NetName: APNIC4
NetHandle: NET-218-0-0-0-1
Parent:
NetType: Allocated to APNIC
Name Server: NS1.APNIC.NET
Name Server: NS3.APNIC.NET
Name Server: NS4.APNIC.NET
Name Server: NS-SEC.RIPE.NET
Name Server: TINNIE.ARIN.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
Reg Date: 2000-12-07
Updated: 2005-05-20
-----------------------------------------
http://www.ripe.net/whois?form_type=simple&full_query_string=&searchtext=218.150.110.9&do_search=Search
---------------------------------------
inetnum: 0.0.0.0 - 255.255.255.255
netname: IANA-BLK
descr: The whole IPv4 address space
country: EU # Country is really world wide
org: ORG-IANA1-RIPE
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED "status:" definitions
remarks: The country is really worldwide.
remarks: This address space is assigned at various other places in
remarks: the world and might therefore not be in the RIPE database.
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: RIPE-NCC-HM-MNT
mnt-routes: RIPE-NCC-RPSL-MNT
source: RIPE # Filtered
--------------------------------------
http://Q.apnic.net/apnic-bin/whois.pl/
-------------------------------------
%ERROR:101: no entries found
%
% No entries found in the selected source(s).
-----------------------------------------
I'm just a little curious.
/Anders
Re: Odd IP.
on 05.05.2007 00:39:01 by Slarty
On Fri, 04 May 2007 22:23:04 GMT, Anders wrote:
> Sebastian G. wrote:
>
>> I really wonder... you know 'traceroute', but you don't know 'whois'?
>
> Just for you Sebastian, so that you can see for yourself.
>
> http://ws.arin.net/cgi-bin/whois.pl :
Just for you Anders
inetnum: 218.144.0.0 - 218.159.255.255
netname: KORNET
descr: KOREA TELECOM
descr: Network Management Center
country: KR
admin-c: DL248-AP
tech-c: GK40-AP
remarks: ***********************************************
remarks: KRNIC of NIDA is the National Internet Registry
remarks: in Korea under APNIC. If you would like to
remarks: find assignment information in detail
remarks: please refer to the NIDA Whois DB
remarks: http://whois.nida.or.kr/english/index.html
remarks: ***********************************************
mnt-by: MNT-KRNIC-AP
mnt-lower: MNT-KRNIC-AP
changed: hostmaster@apnic.net 20010924
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20041007
source: APNIC
person: Dong-Joo Lee
address: 128-9 Yeong-Dong Jongro-Ku Seoul
address: Network Management Center
country: KR
phone: +82-2-766-1407
fax-no: +82-2-766-6008
e-mail: ip@krnic.kornet.net
e-mail: abuse@kornet.net
nic-hdl: DL248-AP
mnt-by: MAINT-NEW
changed: hostmaster@nic.or.kr 20061010
source: APNIC
person: Gyung-Jun Kim
address: KORNET
address: 128-9, Yeong-Dong, Jongro-Ku
address: SEOUL
address: 110-763
country: KR
phone: +82-2-747-9213
fax-no: +82-2-3673-5452
e-mail: ip@krnic.kornet.net
e-mail: abuse@kornet.net
nic-hdl: GK40-AP
mnt-by: MNT-KRNIC-AP
changed: hostmaster@nic.or.kr 20061009
source: APNIC
inetnum: 218.150.110.9 - 218.150.110.9
netname: KORNET-10133436260-KR
descr: DAEJEON Metropolitan City
country: KR
admin-c: IM0148839-KR
tech-c: IM0148839-KR
remarks: This IP address space has been allocated to KRNIC.
remarks: For more information, using KRNIC Whois Database
remarks: whois -h whois.nic.or.kr
mnt-by: MNT-KRNIC-AP
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: hostmaster@nic.or.kr
source: KRNIC
And
218.150.110.9 is listed as an open proxy in dnsbl.njabl.org.
218.150.110.9 is listed in blackholes.njabl.org: Korea blocked by
korea.blackholes.us
218.150.110.9 has no PTR
It was added to the list: Sat Aug 20 21:34:16 2005 EST
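The ARIN and RIPE lookups earlier in the thread only returned the /8 and the catch-all object, while the APNIC reply above carries both the KORNET block and the single-address assignment plus a pointer to KRNIC. The following added example (not part of the original thread) picks the most specific `inetnum` covering an address and collects abuse mailboxes and referral whois hosts; `REPLY` is abridged from the output above, and the function names are hypothetical.

```python
import ipaddress
import re

# Abridged from the APNIC reply quoted in the thread; blank lines separate
# objects, as they do in a raw whois response.
REPLY = """\
inetnum: 218.144.0.0 - 218.159.255.255
netname: KORNET
source: APNIC

person: Dong-Joo Lee
e-mail: ip@krnic.kornet.net
e-mail: abuse@kornet.net
source: APNIC

inetnum: 218.150.110.9 - 218.150.110.9
netname: KORNET-10133436260-KR
descr: DAEJEON Metropolitan City
remarks: KRNIC whois server at whois.krnic.net.
source: KRNIC
"""

def parse_objects(text):
    """Split an RPSL-style reply into objects, each a list of (key, value)."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [tuple(part.strip() for part in line.split(":", 1))
                 for line in block.splitlines()
                 if ":" in line and not line.startswith("%")]
        if pairs:
            objects.append(pairs)
    return objects

def summarize(text, ip):
    """Return (smallest inetnum covering ip, abuse mailboxes, referral hosts)."""
    addr, best, abuse, referrals = ipaddress.ip_address(ip), None, set(), set()
    for obj in parse_objects(text):
        for key, value in obj:
            if key == "e-mail" and value.lower().startswith("abuse@"):
                abuse.add(value)
            if key == "remarks":  # registries name the next server in remarks
                referrals.update(h.rstrip(".") for h in re.findall(r"\bwhois\.[\w.-]+", value))
        if obj[0][0] == "inetnum":
            first, last = (ipaddress.ip_address(p.strip()) for p in obj[0][1].split("-"))
            size = int(last) - int(first) + 1
            if first <= addr <= last and (best is None or size < best["size"]):
                best = {"size": size, **dict(obj)}
    return best, sorted(abuse), sorted(referrals)
```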
Re: Odd IP.
on 05.05.2007 01:32:48 by Gerald Vogt
Slarty wrote:
> On Fri, 04 May 2007 22:23:04 GMT, Anders wrote:
>
>> Sebastian G. wrote:
>>
>>> I really wonder... you know 'traceroute', but you don't know 'whois'?
>> Just for you Sebastian, so that you can see for yourself.
>>
>> http://ws.arin.net/cgi-bin/whois.pl :
>
> inetnum: 218.150.110.9 - 218.150.110.9
> netname: KORNET-10133436260-KR
> descr: DAEJEON Metropolitan City
> country: KR
> admin-c: IM0148839-KR
> tech-c: IM0148839-KR
> remarks: This IP address space has been allocated to KRNIC.
> remarks: For more information, using KRNIC Whois Database
> remarks: whois -h whois.nic.or.kr
> mnt-by: MNT-KRNIC-AP
> remarks: This information has been partially mirrored by APNIC from
> remarks: KRNIC. To obtain more specific information, please use the
> remarks: KRNIC whois server at whois.krnic.net.
> changed: hostmaster@nic.or.kr
> source: KRNIC
And if you check the Korean whois you get even more details: (I just
copy the English information here and not the Korean ;-)
If you want to complain there are a few e-mail addresses listed.
Gerald
----------- snip
# ENGLISH
KRNIC is not an ISP but a National Internet Registry similar to APNIC.
The followings is organization information that is using the IPv4 address.
IPv4 Address : 218.150.110.9-218.150.110.9
Network Name : KORNET-10133436260
Connect ISP Name : KORNET
Registration Date : 20060405
Publishes : N
[ Organization Information ]
Organization ID : ORG556593
Org Name : DAEJEON Metropolitan City
Address : Yucheon-dong, Jung-gu
Zip Code : 301140
[ Technical Contact Information ]
Org Name : DAEJEON Metropolitan City
Address : Yucheon-dong, Jung-gu
Zip Code : 301140
E-Mail : ip@krnic.kornet.net
--------------------------------------------------------------------------------
If the above contacts are not reachable, please contact following ISP
for further information.
[ ISP IPv4 Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-3674-5708
E-Mail : ip@krnic.kornet.net
[ ISP IPv4 Tech Contact Information ]
Name : IP Manager
Phone : +82-2-3674-5708
E-Mail : ip@krnic.kornet.net
[ ISP Network Abuse Contact Information ]
Name : Network Abuse
Phone : +82-2-100-0000
E-Mail : abuse@kornet.net
Re: Odd IP.
on 05.05.2007 11:00:11 by Wolfgang Kueter
Gerald Vogt wrote:
> If you want to complain there are a few e-mail addresses listed. [Some
> addresses in Korea]
Abuse departments do not exist in Korea.
Of course there is nothing wrong with publishing those whois entries on usenet to
make sure that Korean administrators receive the latest information about
p*nis enlargement, cheap pills and penny stocks.
;)
Wolfgang
Re: Odd IP.
on 05.05.2007 11:27:23 by Anders
Gerald Vogt wrote:
> Slarty wrote:
OK, Korea, that is in Asia, but when I did the traceroute the first 12
jumps were in Sweden, the second 3 jumps were in Holland and then there
were 5 jumps in the US; all these jumps tell me nicely who they are, but
then there are 7 jumps that only give away the IPs, including
218.150.110.9.
So my conclusion was that it was some machine in the US or
North/South America, not on the other side of the world, and when I did
a whois on the IP from my own little prog it just closed down the
connection without any info.
That it could be an IP from Korea never came to my mind; I rather thought
it could be some unregistered spammer in the US. ;-)
Thanks for the info.
/Anders
Re: Odd IP.
on 05.05.2007 13:50:04 by Gerald Vogt
Anders wrote:
> OK, Korea, that is in Asia, but when I did the traceroute the first 12
> jumps were in Sweden, the second 3 jumps were in Holland and then there
> were 5 jumps in the US; all these jumps tell me nicely who they are, but
> then there are 7 jumps that only give away the IPs, including
> 218.150.110.9.
>
> So my conclusion was that it was some machine in the US or
> North/South America, not on the other side of the world, and when I did
> a whois on the IP from my own little prog it just closed down the
> connection without any info.
Very much traffic still goes through the U.S. Many connections from Asia
to Europe go through the U.S. I suppose this is because many people
still use servers in the U.S. and they have enough bandwidth. And maybe
it makes it easier for the U.S. to tap world-wide internet traffic...
Gerald
Re: Odd IP.
on 05.05.2007 18:25:22 by Hexalon
On May 4, 3:34 pm, Anders wrote:
> A couple of days ago I found this in my router's log; there is nothing
> peculiar or alarming about it.
> But when I try to look up the IP, all the services I have used so far
> say the IP doesn't exist.
>
> -------------------------------
> Thursday May 03, 2007 13:08:54 Unrecognized attempt blocked from
> 218.150.110.9:2270 to 83.252.171.112 TCP:3128
> Thursday May 03, 2007 13:09:15 Unrecognized attempt blocked from
> 218.150.110.9:2328 to 83.252.171.112 TCP:6588
> Thursday May 03, 2007 13:08:33 Unrecognized attempt blocked from
> 218.150.110.9:2217 to 83.252.171.112 TCP:8080
> -------------------------------
>
> A traceroute tells me that the IP is in use and is responding.
>
> -------------------------------
> :~$ traceroute 218.150.110.9
> traceroute to 218.150.110.9 (218.150.110.9), 30 hops max, 40 byte packets
> 1 ipcop.ajjas.localdomain (192.168.xx.xx) 2.049 ms 0.509 ms 0.450 ms
> *
> * Snipped it down a little
> *
> 27 218.150.110.9 (218.150.110.9) 358.686 ms 364.649 ms 382.702 ms
> -------------------------------
>
> Is there any way to find out more on this IP '218.150.110.9'?
>
> /Anders
Try using www.dnsstuff.com. They have some useful tools.
Re: Odd IP.
on 07.05.2007 10:04:08 by unknown
Post removed (X-No-Archive: yes)