Jump to content


Photo

So much for routers... Heh...

Started by 23Antz , Jul 15 2004 11:56 AM

  • Please log in to reply
3 replies to this topic

#1 23Antz

23Antz

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 15 July 2004 - 11:56 AM

Maybe all routers aren't created equal, but I installed the DI604 yesterday and today Norton logged this:

Trojan attempt detected from address 204.157.1.94:7777 by rule "Default Block Bla Trojan horse". Inbound UDP packet


And, curiously, ARIN says:

Search results for: 204.157.1.94:7777

AGIS ALERON-204-157 (NET-204-157-0-0-1)
204.157.0.0 - 204.157.255.255
Defender Technologies Group, LLC DEFENDER-204-157-1-0-24 (NET-204-157-1-0-1)
204.157.1.0 - 204.157.1.255


A Yahoo search:
http://www.deftechgroup.com/

More from ARIN:

OrgName: Defender Technologies Group, LLC
OrgID: DTGL
Address: 43643 Mink Meadows St
City: South Riding
StateProv: VA
PostalCode: 20152
Country: US

NetRange: 204.157.1.0 - 204.157.1.255
CIDR: 204.157.1.0/24
NetName: DEFENDER-204-157-1-0-24
NetHandle: NET-204-157-1-0-1
Parent: NET-204-157-0-0-1
NetType: Reassigned
Comment:
RegDate: 2004-03-30
Updated: 2004-03-30

OrgTechHandle: TKI5-ARIN
OrgTechName: Kiblin, Tom
OrgTechPhone: +1-703-327-7368
OrgTechEmail: admin@defenderhosting.com

___________


THe really odd thing about all this is that the Norton alert log doesn't show my actual IP as the "local address." It shows this:

192.168.0.100

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

Man, this networking stuff is just kooky.

Edited by 23Antz, 15 July 2004 - 12:10 PM.

#2 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,758 posts

Posted 16 July 2004 - 08:25 AM

Heh, that is your "real" IP address. You're behind a router with NAT (Network Address Translation), which assigns your machine an address in a block of IPs exclusively reserved for machines behind routers, and thus can be duplicated all over the world with no ill effects on the Internet itself.

The 192.168.x.x range is reserved for NAT, as is 10.x.x.x.
Signature file is under revision. This will be back shortly.

#3 23Antz

23Antz

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 16 July 2004 - 11:02 AM

Heh, this is virtually indistinguishable from magic.

Should I get a copy of Networking for Dummies? Or just go with the assumption that the router is adding a layer to my defenses and otherwise not worry about it?

:weee:

#4 Paranoid

Paranoid

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 533 posts

Posted 17 July 2004 - 08:53 AM

Definitely get a copy of networking for dummies, plus one on network computer security.
Please note that the software I recommend above is entirely based on only my own experience and testing. In no way should my comments,opinions and endorsements be construed as an endorsement by the forum, nor do they reflect the advise or recommendations by the experts or helpers at spywareinfo.
Back to Firewalls and Proxies


  1. SpywareInfo Forum
  2. General Computing Issues
  3. Firewalls and Proxies
  4. Privacy Policy
Member of UNITE
Support SpywareInfo Forum - click the button