IP trace

General Discussion about IP Address Lookup caveats, technology, ideas, etc.

Postby Mowin on Tue Jun 27, 2006 9:59 am

My firewall tells me that 83.252.141.28 : 61665 is trying to access my computer. What does ": 61665" mean and is it possible to find out who it is? My firewall tells me that I should accept the access attempt - should I do that?
Mowin, Denmark
Mowin
n00b
 
Posts: 5
Joined: Tue Jun 27, 2006 9:48 am

Postby robocoder on Tue Jun 27, 2006 1:34 pm

61665 is the port number. A connection is formed by two endpoints (the source and destination), where each endpoint consists of an IP address and a port. (The port is typically allocated by a process or program.) Unless the port number is < 1024, the port number does not convey meaningful information about the connection (e.g., application).

See also:
http://en.wikipedia.org/wiki/List_of_well-known_ports_(computing)

I'm surprised your firewall would advise you to accept the connection... (That IP, 83.252.141.28, is allocated to a Swedish ISP.)
robocoder
Veteran
 
Posts: 105
Joined: Sat Mar 25, 2006 8:10 pm
Location: Ontario, Canada

Postby Mowin on Tue Jun 27, 2006 2:59 pm

Thanks for your answer.
Actually I get access attempts from 5 different IPs.
I'll monitor the situation and I'll let my firewall block the IPs.
Mowin

Postby robocoder on Wed Jun 28, 2006 8:20 am

If your firewall permits, check to see what the destination port number is. (It would be paired with your IP address.) This might give you an idea of what service the incoming connection is attempting to establish.

Postby Mowin on Thu Jun 29, 2006 2:50 am

Now I think I have figured it out - thanks to your help.
The destination port is 6881, which has to do with my P2P client.
Now a new question arises. If the IPs in question had not been blocked, would they then have had access to my computer in general or only the folder used for P2P?
Mowin

Postby robocoder on Thu Jun 29, 2006 5:45 am

Theoretically, the P2P client should only be limited to sharing files in your designated share folder. But in actuality, this will depend on the authors of your P2P client.
  • Did they write secure code? (avoiding potential buffer overflows, etc)
  • Did they take precautions to prevent access to files outside the share folder? (e.g., checking absolute paths, ".." in the path, etc)
  • Did they ship with a backdoor (e.g., for debugging) that could be exploited?
In addition, do you regularly scan your system (especially downloaded files) for spyware and viruses?
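The share-folder precaution robocoder lists above (rejecting absolute paths and ".." in a requested path), as an added example that is not part of the original post and not taken from any P2P client. The function name `resolve_in_share` and the sample folder layout are constructed for illustration; the example also covers a symlink inside the share that points outside it.

```python
import os
import tempfile

def resolve_in_share(share_root, requested):
    """Return the real path of `requested` inside `share_root`, or None if it escapes."""
    root = os.path.realpath(share_root)
    if "\x00" in requested:
        return None  # embedded NUL can truncate the path at the OS layer
    # Absolute paths and Windows drive prefixes ignore the share root entirely.
    if os.path.isabs(requested) or os.path.splitdrive(requested)[0]:
        return None
    # Treat both separators as separators so "..\\secret" is caught on any OS.
    parts = requested.replace("\\", "/").split("/")
    if ".." in parts:
        return None
    # realpath follows symlinks, so a link that points outside is caught here.
    candidate = os.path.realpath(os.path.join(root, *parts))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def demo():
    """Run constructed requests against a constructed share folder."""
    with tempfile.TemporaryDirectory() as base:
        share = os.path.join(base, "share")
        os.makedirs(os.path.join(share, "music"))
        open(os.path.join(share, "music", "song.ogg"), "w").close()
        secret = os.path.join(base, "secret.txt")   # lives outside the share
        open(secret, "w").close()
        os.symlink(secret, os.path.join(share, "link"))  # link escaping the share
        requests = [
            "music/song.ogg",          # legitimate
            "../secret.txt",           # parent traversal
            "music/../../secret.txt",  # traversal hidden behind a valid prefix
            "..\\secret.txt",          # backslash variant
            "/etc/passwd",             # absolute path
            "link",                    # symlink pointing outside the share
        ]
        return {r: resolve_in_share(share, r) is not None for r in requests}

if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request!r:28} {'allowed' if allowed else 'rejected'}")
```
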

Postby Mowin on Thu Jun 29, 2006 8:08 am

Well, I am sorry to say that I am not able to answer your questions.
My client is Bittorrent and I hope it is OK.
I scan my computer regularly with Norton Internet Security and it does not find anything wrong.
However, on one occasion I by mistake allowed one of the suspicious IPs to access my system. So now I am a little worried about what the consequences are!? I did not notice the IP number and now I don't know what and who I have invited in.

Mowin

Postby robocoder on Thu Jun 29, 2006 11:45 am

On the whole, I think you have greater risk in the files you download versus whatever client you choose to use.

If you search Google for "bittorrent exploit", you'll see "cheating", "poisoning", and "spyware/adware" as the biggest concerns.
http://www.google.ca/search?q=bittorrent+exploit

Postby Zazz on Thu Jun 29, 2006 2:31 pm

It is generally encouraged to allow others to connect to you when running a bittorrent client, as the bittorrent protocol gives greater download speed to those who upload to others more. Your client is also actively connecting to other people's clients and giving them access to the same files they would acquire when they connect to you -- this is how the protocol works. There is little reason to block the IPs; the potential security gain is only very minimal and the decrease in your download speed can be drastic, depending on the download.
Zazz
n00b
 
Posts: 8
Joined: Sun Jun 25, 2006 11:48 am

Postby Mowin on Thu Jun 29, 2006 3:42 pm

Thanks Zazz and Robocoder.
Nevertheless I am still a little confused. My P2P client was not running and I am behind a router. In spite of that, someone has been able to address my computer.
But anyway I have now, with your help, found out what is going on. As you might have figured out, my knowledge of networks is limited and I have to study these things myself in the future.

Mowin

Postby Zazz on Thu Jun 29, 2006 5:11 pm

If the program is not running you should not let them in. However, it probably does not matter if you do, because there is nothing listening on that port for them to connect to. It's strange that the firewall would even alert you to them connecting if there's nothing running -- are you sure it isn't running? It may have been minimized to the system tray or running in the background somehow.

It is normal for people to try to connect to you after you close it, though -- they don't know that you closed it, and their client still tries to connect. They're probably able to get to you because you have forwarded the bittorrent port in your router for the bittorrent download to work -- either that, or the bittorrent client may have forwarded the port for you; many of them do that now, without even asking!