Can anyone identify this IP?


KingOfKings

Does anyone know whose IP this is?
MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 attack detected from 65.55.197.248
They're attacking my server
 

KingOfKings

Jul 25 10:00:42 (none) user.alert kernel: RemoteAccess: IN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 RemoteAccess : 69.63.178.11 attempting to remotely manage the Router 194
Jul 25 10:01:15 (none) user.alert kernel: RemoteAccess: IN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 RemoteAccess : 69.63.178.11 attempting to remotely manage the Router 194
Jul 25 10:01:48 (none) user.alert kernel: RemoteAccess: IN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 RemoteAccess : 65.55.197.248 attempting to remotely manage the Router 195
Jul 25 10:01:48 (none) user.alert kernel: PORTSCANNERIN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 attack detected from 65.55.197.248 157
Jul 25 10:17:33 (none) user.alert kernel: RemoteAccess: IN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 RemoteAccess : 123.18.114.6 attempting to remotely manage the Router 194
Jul 25 10:20:43 (none) user.alert kernel: RemoteAccess: IN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 RemoteAccess : 76.196.66.236 attempting to remotely manage the Router 195
Jul 25 10:23:51 (none) user.alert kernel: LANDATTACKIN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 attack detected from 92.96.252.95 155
Jul 25 10:23:53 (none) user.alert kernel: LANDATTACKIN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 attack detected from 69.151.193.23 156
Jul 25 10:23:53 (none) user.alert kernel: SYNFLOODIN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 attack detected from 69.151.193.23 154
Jul 25 10:23:54 (none) user.alert kernel: LANDATTACKIN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 attack detected from 88.156.123.221 157
Jul 25 10:23:54 (none) user.alert kernel: SYNFLOODIN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 attack detected from 88.156.123.221 155
Jul 25 10:23:55 (none) user.alert kernel: LANDATTACKIN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 attack detected from 92.16.15.112 155
Jul 25 10:23:55 (none) user.alert kernel: SYNFLOODIN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 attack detected from 92.16.15.112 153
Jul 25 10:23:56 (none) user.alert kernel: LANDATTACKIN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 attack detected from 83.2.211.19 154
Jul 25 10:23:56 (none) user.alert kernel: SYNFLOODIN=nas_0_101 OUT= MAC=00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00 attack detected from 83.2.211.19 152
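
A way to triage the router log above, as an added example that is not part of the original post: it counts events per source address and rule tag, and splits the `MAC=` field, which is identical on every line. It assumes the field follows the Linux netfilter LOG layout (destination MAC, source MAC, EtherType); `noisy_sources` and its `threshold` are hypothetical names.

```python
import re
from collections import Counter, defaultdict

# Six lines copied from the router log in the post above.
MAC = "00:1c:df:08:3a:66:00:90:d0:63:ff:3d:08:00"
HEAD = "(none) user.alert kernel:"
SAMPLE = "\n".join([
    f"Jul 25 10:00:42 {HEAD} RemoteAccess: IN=nas_0_101 OUT= MAC={MAC} RemoteAccess : 69.63.178.11 attempting to remotely manage the Router 194",
    f"Jul 25 10:01:15 {HEAD} RemoteAccess: IN=nas_0_101 OUT= MAC={MAC} RemoteAccess : 69.63.178.11 attempting to remotely manage the Router 194",
    f"Jul 25 10:01:48 {HEAD} RemoteAccess: IN=nas_0_101 OUT= MAC={MAC} RemoteAccess : 65.55.197.248 attempting to remotely manage the Router 195",
    f"Jul 25 10:01:48 {HEAD} PORTSCANNERIN=nas_0_101 OUT= MAC={MAC} attack detected from 65.55.197.248 157",
    f"Jul 25 10:23:53 {HEAD} LANDATTACKIN=nas_0_101 OUT= MAC={MAC} attack detected from 69.151.193.23 156",
    f"Jul 25 10:23:53 {HEAD} SYNFLOODIN=nas_0_101 OUT= MAC={MAC} attack detected from 69.151.193.23 154",
])

# The rule tag is sometimes fused with "IN=" (e.g. "PORTSCANNERIN="), so match it lazily.
LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ \S+ kernel: (?P<tag>[A-Za-z]+?):? ?IN=\S* OUT=\S*"
    r" MAC=(?P<mac>[0-9a-f:]+) .*?(?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
)

def split_mac(field):
    """Assumed netfilter layout: 6 bytes dst MAC, 6 bytes src MAC, 2 bytes EtherType."""
    b = field.split(":")
    return ":".join(b[:6]), ":".join(b[6:12]), "".join(b[12:14])

def triage(text):
    """Return ({src_ip: Counter(tag)}, set of (dst, src, ethertype), unparsed line count)."""
    per_src, frames, unparsed = defaultdict(Counter), set(), 0
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            unparsed += 1  # keep count so format drift is noticed, not hidden
            continue
        per_src[m["src"]][m["tag"]] += 1
        frames.add(split_mac(m["mac"]))
    return per_src, frames, unparsed

def noisy_sources(per_src, threshold):
    """Source IPs with at least `threshold` logged events (hypothetical cut-off)."""
    return sorted(ip for ip, c in per_src.items() if sum(c.values()) >= threshold)

if __name__ == "__main__":
    per_src, frames, unparsed = triage(SAMPLE)
    for ip, tags in sorted(per_src.items()):
        print(ip, dict(tags))
    print("link-layer pairs seen:", frames, "unparsed:", unparsed)
```

Under that layout the two MAC addresses are the link-layer endpoints of the router's WAN segment and `0800` is the IPv4 EtherType, so the field does not identify the remote host.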
 

mapadale

Here you go.
Code:
IP Address: 65.55.197.248
Base Domain: 65.55.197.248
Country: United States
Region: Unknown
City: Unknown
Latitude: 38
Longitude: -97
Area Code: Unknown
Postal Code: Unknown
Distance from Last (as the crow flies): 4380.0 miles
Source

Code:
IP Address: 92.96.252.95
Base Domain: false
Country: United Arab Emirates
Region: 06
City: Sharjah
Latitude: 25.3622
Longitude: 55.3911
Area Code: Unknown
Postal Code: Unknown
Distance from Last (as the crow flies): 7715.8 miles
Source: MaxMind (http://www.maxmind.com/)

Code:
IP Address: 69.151.193.23
Base Domain: false
Country: United States
Region: TX
City: Houston
Latitude: 29.7755
Longitude: -95.4152
Area Code: 713
Postal Code: Unknown
Distance from Last (as the crow flies): 8173.4 miles
Source: MaxMind (http://www.maxmind.com/)

IP Address: 88.156.123.221
Base Domain: false
Country: Poland
Region: 31
City: Gdynia
Latitude: 54.5
Longitude: 18.55
Area Code: Unknown
Postal Code: Unknown
Distance from Last (as the crow flies): 5429.1 miles
Source: MaxMind

Code:
IP Address: 83.2.211.19
Base Domain: xcore.pl
Country: Poland
Region: 41
City: Jaroslaw
Latitude: 51.0667
Longitude: 16.5167
Area Code: Unknown
Postal Code: Unknown
Distance from Last (as the crow flies): 252.2 miles
Source: MaxMind (http://www.maxmind.com/)
 

Nightrider

1) 65.55.197.248 UNITED STATES NEW YORK NEW YORK 40.7488 -73.9846 10001 -05:00

2) 69.63.178.11 UNITED STATES CALIFORNIA PALO ALTO 37.4404 -122.14 94301 -08:0

3) 123.18.114.6 VIET NAM - - 21.033 105.85 - +07:00

4) 76.196.66.236 UNITED STATES NEW YORK NEW YORK 40.7488 -73.9846 10001 -05:00

5) 88.156.123.221 POLAND WARMINSKO-MAZURSKIE OLSZTYN 53.783 20.483 - +01:00
Net Speed: -, ISP: NETWORK IN BIALYSTOK GDYNIA SKIERNIEWICE KOSCIERZYNA BELCHATOW, Domain: VECTRANET.PL

If you do wanna take action against them Pain, drop me a PM, I'll give you their ISPs etc.
-Dan
 

Zero

> 1) 65.55.197.248 UNITED STATES NEW YORK NEW YORK 40.7488 -73.9846 10001 -05:00
>
> 2) 69.63.178.11 UNITED STATES CALIFORNIA PALO ALTO 37.4404 -122.14 94301 -08:0
>
> 3) 123.18.114.6 VIET NAM - - 21.033 105.85 - +07:00
>
> 4) 76.196.66.236 UNITED STATES NEW YORK NEW YORK 40.7488 -73.9846 10001 -05:00
>
> 5) 88.156.123.221 POLAND WARMINSKO-MAZURSKIE OLSZTYN 53.783 20.483 - +01:00
> Net Speed: -, ISP: NETWORK IN BIALYSTOK GDYNIA SKIERNIEWICE KOSCIERZYNA BELCHATOW, Domain: VECTRANET.PL
>
> If you do wanna take action against them Pain, drop me a PM, I'll give you their ISPs etc.
> -Dan

Oh you would, would you? And what's he going to do with that information?

Cause I'm sorry to say, it's illegal to run a private server and it's also against his ISP's policy for his internet connection to be used for that of illegal trade.

Sorry Pain, but that information that you have supplied is nothing more than server connections, and I take it that information has come from a router firewall as well. If someone was really attacking you, you wouldn't have one or two IP addresses of the same kind. You would have several hundred exact IPs all together in one batch and not just two here and two there.

Why not spend the time reading on the net about "DoS" and get an understanding of it, then maybe you would get to know the difference between a firewall connection and someone DDoS'ing a server.

Oh and also before I forget as well, supplying IP addresses in the UK falls under the misuse of data act.
 

Nightrider

Now it doesn't, they would be barred from their ISP for denial of service attacks onto a dedicated server. The ISP would not need to know what is on the dedicated server, all they would go by is the DDoS attacks. Pain, what I would suggest is putting a loop back onto your dedicated server.
-Dan
 

Nightrider

Still doesn't make a blind bit of difference, they do not need to know what's going on on your internet connection. If they do have a reason to suspect you of doing this then they will ask you about it and then monitor your internet. Also why would it involve his ISP? He would be going to their ISPs about this....
-Dan
 

Zero

> Now it doesn't, they would be barred from their ISP for denial of service attacks onto a dedicated server. The ISP would not need to know what is on the dedicated server, all they would go by is the DDoS attacks. Pain, what I would suggest is putting a loop back onto your dedicated server.
> -Dan

One, it's not a dedicated server.
Two, it's illegal to host a private server.
Three, the ISP would investigate the issue of "DoS", this would also be to include everything that is being sent and received by the machine and for what reason the "DoS" is happening.
Four, it's a home server, run on a residential line.

> Still doesn't make a blind bit of difference, they do not need to know what's going on on your internet connection. If they do have a reason to suspect you of doing this then they will ask you about it and then monitor your internet. Also why would it involve his ISP? He would be going to their ISPs about this....
> -Dan

Your internet is monitored from the moment you join an ISP and every now and again the ISP will do a random check on logs. Yes, there are millions of people who use the internet on a daily basis, but yes, everything that you do on the internet is watched to some degree.

And yes, the ISP would investigate why "DoS" is being done to this machine, especially when "DoS" is used to stop people from doing something. Every complaint logged is investigated. So it doesn't matter whether you report it to their ISP or your own, either way you're going to get yourself in trouble.

Oh and a loop back wouldn't do anything at all, he needs a "DoS" firewall and a decent one at that. Which by the way a "DoS" firewall would react in such a way that it sends back "Request Timed Out", due to ghosting.

Oh and don't try to act clever when you're not, 'cause with both those threads after mine you made yourself look like an idiot.
 

Nightrider

Ok then kiddo, also they're called posts, not threads :P
But a loop back would work, also I've already said he wouldn't have to involve his ISP, only theirs. Also as they're not English ISPs it would matter anyway.

Cba arguing with a kid any more..
-Dan
 

Zero

> Ok then kiddo, also they're called posts, not threads :P
> But a loop back would work, also I've already said he wouldn't have to involve his ISP, only theirs. Also as they're not English ISPs it would matter anyway.
>
> Cba arguing with a kid any more..
> -Dan

Who do you think you're calling a kid?
I know for a fact that with this, I know a hell of a lot more than what you do, Dan. I happen to be a network manager for a very big ISP in the UK, who also happens to be a fully qualified MCSE/MCSA & CCNA network engineer.

It doesn't matter whether or not he reports it to his or their ISP, it still has to be investigated, and during investigation the other ISP is also contacted for certain information regarding the user's own internet usage.

Seeing as Pain's server is hosted on a residential ISP connection and not that of a business line, it causes questions to be asked as to why someone would interrupt a residential line, seeing as most "DoS" don't happen on residential lines.

Oh and Dan, adding a loop back onto his connection could cause issues of people outside of the UK connecting to his server, as it forces the notion of no connection and timed out connections.
 

Kaori

What program is that?

Is this the first time you are looking at the logs?

Once you start using the internet you will get these random attackers (port scan is a common one), so it's very normal to get random ips doing things to you.

Time to close. This has nothing to do with Mir.
 