#1 On 23/09/2005, at 08:01

Orphée

Suspicious ping requests always coming from the same IP?

Hello, I'd like your opinion: I constantly receive ping requests coming from this IP:
145.254.11.150
the host name:
han-145-354-11-150.arcor-ip.net

Does anyone know where this comes from? An application I might have installed?
Under Windows I don't get these requests..

I'm behind a Freebox in router mode..

It happens at my place but also at a friend's who is also on Freebox..

I couldn't find any more info on this address...
See you

Offline

#2 On 23/09/2005, at 11:57

Valère

Re: Suspicious ping requests always coming from the same IP?

Some info on this IP:

145.254.11.150 resolved to han-145-254-11-150.arcor-ip.net

DNS Query Results:


    ; <<>> DiG 9.2.2-P3 <<>> any han-145-254-11-150.arcor-ip.net
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54505
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;han-145-254-11-150.arcor-ip.net. IN ANY

    ;; ANSWER SECTION:
    han-145-254-11-150.arcor-ip.net. 43200 IN A 145.254.11.150

    ;; Query time: 229 msec
    ;; SERVER: 80.245.58.1#53(80.245.58.1)
    ;; WHEN: Fri Sep 23 12:55:14 2005
    ;; MSG SIZE rcvd: 65

WWWhois Results:

    Connecting to whois.crsnic.net...

    NOT FOUND: No match for 145.254.11.150

    Whois Server Version 1.3

    Domain names in the .com and .net domains can now be registered
    with many different competing registrars. Go to http://www.internic.net
    for detailed information.

    No match for "145.254.11.150".

    >>> Last update of whois database: Fri, 23 Sep 2005 02:11:18 EDT <<<

    The Registry database contains ONLY .COM, .NET, .EDU domains and
    Registrars.

IP Whois Results:

    Connecting to whois.arin.net...

    Deferred to specific whois server: whois.ripe.net...

    % This is the RIPE Whois query server #2.
    % The objects are in RPSL format.
    %
    % Note: the default output of the RIPE Whois server
    % is changed. Your tools may need to be adjusted. See
    % http://www.ripe.net/db/news/abuse-proposal-20050331.html
    % for more details.
    %
    % Rights restricted by copyright.
    % See http://www.ripe.net/db/copyright.html

    % Note: This output has been filtered.
    %       To receive output for a database update, use the "-B" flag

    % Information related to '145.254.11.0 - 145.254.11.255'

    inetnum:      145.254.11.0 - 145.254.11.255
    netname:      ARCOR-BACKBONE-HAN-NET1
    descr:        Arcor AG & Co
    descr:        Alfred-Herrhausen-Allee 1
    descr:        D-65760 Eschborn
    descr:        Germany
    country:      DE
    admin-c:      ANOC1-RIPE
    tech-c:       ANOC1-RIPE
    status:       ASSIGNED PA
    mnt-by:       ARCOR-MNT
    source:       RIPE # Filtered

    role:           Mannesmann Arcor Network Operation Center
    address:        Arcor AG & Co.KG
    address:        Department TBN
    address:        Otto-Volger-Str. 19
    address:        D-65843 Sulzbach/Ts.
    address:        Germany
    phone:          +49 6196 523 0864
    remarks:        trouble:      Security issues mailto:abuse@arcor-ip.de
    remarks:        trouble:      Information http://www.arcor.net
    remarks:        trouble:      Peering contact mailto:peering@adm.arcor.net
    remarks:        trouble:      Operational issues mailto:noc@adm.arcor.net
    remarks:        trouble:      Address assignment mailto:ip-registry@arcor.net
    admin-c:        PN667-RIPE
    admin-c:        SM9000-RIPE
    admin-c:        JS19072-RIPE
    admin-c:        DH6636-RIPE
    admin-c:        AR9338-RIPE
    admin-c:        TK11590-RIPE
    admin-c:        RH12597-RIPE
    admin-c:        MW877-RIPE
    admin-c:        FB3293-RIPE
    tech-c:         NH15-RIPE
    nic-hdl:        ANOC1-RIPE
    mnt-by:         ARCOR-MNT
    source:         RIPE # Filtered
    abuse-mailbox:  abuse@arcor-ip.de

    % Information related to '145.254.0.0/16AS3209'

    route:        145.254.0.0/16
    descr:        ARCOR-IP
    origin:       AS3209
    mnt-by:       ARCOR-MNT
    source:       RIPE # Filtered


Checking Port 80...


    Warning: fsockopen(): unable to connect to 145.254.11.150:80 in /export/lg.hostingfrance.com/htdocs/index.php on line 309
    Port 80 does not appear to be open.

Ping Results:

    PING 145.254.11.150 (145.254.11.150) 56(84) bytes of data.
    64 bytes from 145.254.11.150: icmp_seq=0 ttl=249 time=38.2 ms
    64 bytes from 145.254.11.150: icmp_seq=1 ttl=249 time=140 ms
    64 bytes from 145.254.11.150: icmp_seq=2 ttl=249 time=37.3 ms
    64 bytes from 145.254.11.150: icmp_seq=3 ttl=249 time=391 ms
    64 bytes from 145.254.11.150: icmp_seq=4 ttl=249 time=37.5 ms

    --- 145.254.11.150 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4045ms
    rtt min/avg/max/mdev = 37.395/129.098/391.891/137.286 ms, pipe 2

Traceroute Results:

    1 switch2-vlan2-backbone (80.245.58.12) 0.549 ms 0.491 ms 0.463 ms
    2 fe-ve99-0-5.br6.th2.fr.ovanet.net (80.245.58.45) 16.096 ms 15.368 ms 15.289 ms
    3 ge-ve33-2-8.br2.th2.fr.eurowan.net (85.12.148.26) 16.173 ms 15.204 ms 16.067 ms
    4 194.68.129.139 (194.68.129.139) 15.647 ms 15.375 ms 15.434 ms
    5 dus-145-254-19-117.arcor-ip.net (145.254.19.117) 36.176 ms 36.393 ms 50.110 ms
    6 esn-145-254-19-177.arcor-ip.net (145.254.19.177) 36.161 ms 36.316 ms 36.316 ms
    7 han-145-254-18-242.arcor-ip.net (145.254.18.242) 37.106 ms 36.223 ms 36.750 ms
    8 * * *
    9 * * *
    10 * * *
    11 han-145-254-11-150.arcor-ip.net (145.254.11.150) 37.670 ms * *

1984 was not supposed to be an instruction manual
hostux.net mail/jabber server + image hosting.

Offline

#3 On 23/09/2005, at 16:06

Orphée

Re: Suspicious ping requests always coming from the same IP?

Thanks! But that doesn't tell me much more... :(

How do I list all the applications trying to connect to the internet?

Last edited by Orphée (23/09/2005, at 16:16)

Offline

#4 On 23/09/2005, at 17:06

dawar

Re: Suspicious ping requests always coming from the same IP?

sudo netstat -pa |grep tcp to see the TCP connections.


If there is no solution, it's because there is no problem (Shadok motto)

Offline

#5 On 23/09/2005, at 17:15

Orphée

Re: Suspicious ping requests always coming from the same IP?

I suspect one of my processes is shady, because I changed the Firestarter rules to block all undefined outbound traffic, and I no longer get pings from this IP, so I assume it's a process going out, and when the other side replied Firestarter blocked it..

Offline

#6 On 23/09/2005, at 17:30

Orphée

Re: Suspicious ping requests always coming from the same IP?

    tcp        0      0 *:8000                  *:*                     LISTEN     11341/python
    tcp        0      0 localhost.localdo:32769 *:*                     LISTEN     -
    tcp        0      0 localhost.localdo:32770 *:*                     LISTEN     -
    tcp        0      0 *:614                   *:*                     LISTEN     -
    tcp        0      0 *:netbios-ssn           *:*                     LISTEN     -
    tcp        0      0 *:5900                  *:*                     LISTEN     8179/vino-server
    tcp        0      0 *:sunrpc                *:*                     LISTEN     -
    tcp        0      0 localhost.localdo:64976 *:*                     LISTEN     8243/wish
    tcp        0      0 localhost.localdoma:ipp *:*                     LISTEN     -
    tcp        0      0 *:nessus                *:*                     LISTEN     -
    tcp        0      0 localhost.localdomai:25 *:*                     LISTEN     -
    tcp        0      0 *:gdomap                *:*                     LISTEN     -
    tcp        0      0 *:microsoft-ds          *:*                     LISTEN     -
    tcp        0      0 localhost.localdo:49365 localhost.localdo:32769 ESTABLISHED-
    tcp        0      0 192.168.0.100:57816     baym4-sb3.messenge:1863 CLOSE_WAIT 8243/wish
    tcp        0      0 192.168.0.100:42584     baym-cs196.msgr.ho:1863 ESTABLISHED8243/wish
    tcp        0      0 localhost.localdoma:ipp localhost.localdo:50636 ESTABLISHED-
    tcp        0      0 192.168.0.100:50886     baym-sb49.msgr.hot:1863 CLOSE_WAIT 8243/wish
    tcp        0      0 localhost.localdo:32769 localhost.localdo:49365 ESTABLISHED-
    tcp        0      0 192.168.0.100:58099     baym-sb112.msgr.ho:1863 CLOSE_WAIT 8243/wish
    tcp        0      0 192.168.0.100:41733     baym-sb12.msgr.hot:1863 CLOSE_WAIT 8243/wish
    tcp        0      0 192.168.0.100:55602     ns0.apinc.org:www       ESTABLISHED12098/firefox-bin
    tcp        0      0 192.168.0.100:55603     ns0.apinc.org:www       ESTABLISHED12098/firefox-bin
    tcp        0      0 localhost.localdo:50636 localhost.localdoma:ipp ESTABLISHED8233/gnome-cups-ico
    tcp        0      0 192.168.0.100:41928     baym4-sb11.messeng:1863 ESTABLISHED8243/wish
    tcp        0      0 192.168.0.100:57981     baym4-sb10.messeng:1863 CLOSE_WAIT 8243/wish
    tcp6       0      0 *:ssh                   *:*                     LISTEN     -

Offline
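
Added example, not part of the original posts: a Python parser for the `netstat -pa | grep tcp` listing above that copes with the fused `ESTABLISHED<pid>` column, then reports which ports listen on every interface and which remote peers each program talks to. The function names and the loopback heuristic are assumptions of this example; ICMP echo (ping) has no TCP socket, so it never appears in such a listing.

```python
import re

# Lines copied from the listing posted in the thread (`netstat -pa | grep tcp`).
SAMPLE = """\
tcp        0      0 *:8000                  *:*                     LISTEN     11341/python
tcp        0      0 localhost.localdo:32769 *:*                     LISTEN     -
tcp        0      0 localhost.localdo:49365 localhost.localdo:32769 ESTABLISHED-
tcp        0      0 192.168.0.100:42584     baym-cs196.msgr.ho:1863 ESTABLISHED8243/wish
tcp        0      0 192.168.0.100:57816     baym4-sb3.messenge:1863 CLOSE_WAIT 8243/wish
tcp        0      0 192.168.0.100:55602     ns0.apinc.org:www       ESTABLISHED12098/firefox-bin
tcp6       0      0 *:ssh                   *:*                     LISTEN     -
"""

# Longer names first so that CLOSE cannot shadow CLOSE_WAIT or CLOSING.
STATES = ("ESTABLISHED|SYN_SENT|SYN_RECV|FIN_WAIT1|FIN_WAIT2|TIME_WAIT|"
          "CLOSE_WAIT|LAST_ACK|LISTEN|CLOSING|CLOSE")
# The state column is 11 characters wide, so ESTABLISHED runs into the PID: \s*, not \s+.
LINE = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s+(" + STATES +
                  r")\s*(?:(\d+)/(.*\S)|-)\s*$")
# Heuristic: without -n, netstat prints truncated names such as "localhost.localdo".
LOOPBACK = ("localhost", "127.", "::1")

def parse(text):
    """Return one dict per TCP socket line; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        if m := LINE.match(line):
            proto, local, remote, state, pid, prog = m.groups()
            lhost, _, lport = local.rpartition(":")
            rhost, _, rport = remote.rpartition(":")
            rows.append(dict(proto=proto, lhost=lhost, lport=lport, rhost=rhost,
                             rport=rport, state=state, pid=pid, prog=prog))
    return rows

def exposed_listeners(rows):
    """Listening sockets bound to every interface, as (port, program or None)."""
    return [(r["lport"], r["prog"]) for r in rows
            if r["state"] == "LISTEN" and r["lhost"] in ("*", "0.0.0.0", "::")]

def remote_peers(rows):
    """Map program -> sorted remote endpoints of its non-loopback connections."""
    peers = {}
    for r in rows:
        if r["state"] != "LISTEN" and not r["rhost"].startswith(LOOPBACK):
            peers.setdefault(r["prog"] or "unknown", set()).add(f'{r["rhost"]}:{r["rport"]}')
    return {prog: sorted(eps) for prog, eps in peers.items()}

if __name__ == "__main__":
    print(exposed_listeners(parse(SAMPLE)), remote_peers(parse(SAMPLE)))
```

A program of `None` corresponds to the `-` owner column, which netstat prints when it cannot attribute the socket (not run as root, or a kernel-owned socket); running `netstat -n` avoids the truncated host names the loopback heuristic has to guess at.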