Tiscali / TalkTalk User

Johnno · 23-04-2007, 10:10 AM

all this morning my firewall has been blocking attempted connections on seemingly every port imaginable from 5.20.161.34 which according to ARIN whois, belongs to IANA.
seems to be that most (if not all are TCP requests)
I'm behind an NAT router so not sure why this is getting passed onto my computer.......using XP home SP2, Zonealarm (latest version), avast! antivirus.
anyone got any suggestions as to whats going on?
Thanks
John

Karl Prince · 23-04-2007, 05:22 PM

Welcome to the world of BOGON networks http://www.completewhois.com/bogons/index.htm

Somebody (not your average script kiddy) whom has access to a high level connection to the internet (probably hacked into someone else) has "BGP announced" the ARIN network that is not meant to be routable.

Anyway, it has already gone.

It would be good if ISP's (and high level backbone providers) used the available listing services to drop these networks at the perimeter.

It would also be good if they only routed packets from their own network with source address that belong to their own network (thereby stopping many DDOS methods)

Anyway your firewall did its job, though your router seems very suspect, though do you have wireless, as it is possible it was spoofed in from there.

If it happens again, try and get a tracert whilst it is still routable, at least you then may have some idea were it came from.

23-04-2007, 10:10 AM	#1
Johnno Tiscali User Member Join Date: Dec 2003 Posts: 199 Thanks: 0 Thanked 0 Times in 0 Posts	weird firewall hits all this morning my firewall has been blocking attempted connections on seemingly every port imaginable from 5.20.161.34 which according to ARIN whois, belongs to IANA. seems to be that most (if not all are TCP requests) I'm behind an NAT router so not sure why this is getting passed onto my computer.......using XP home SP2, Zonealarm (latest version), avast! antivirus. anyone got any suggestions as to whats going on? Thanks John

23-04-2007, 05:22 PM	#2
Karl Prince Tiscali User Member Join Date: Jan 2004 Location: Leicester Posts: 621 Thanks: 0 Thanked 0 Times in 0 Posts	Welcome to the world of BOGON networks http://www.completewhois.com/bogons/index.htm Somebody (not your average script kiddy) whom has access to a high level connection to the internet (probably hacked into someone else) has "BGP announced" the ARIN network that is not meant to be routable. Anyway, it has already gone. It would be good if ISP's (and high level backbone providers) used the available listing services to drop these networks at the perimeter. It would also be good if they only routed packets from their own network with source address that belong to their own network (thereby stopping many DDOS methods) Anyway your firewall did its job, though your router seems very suspect, though do you have wireless, as it is possible it was spoofed in from there. If it happens again, try and get a tracert whilst it is still routable, at least you then may have some idea were it came from. __________________ Karl Prince Ex-Freedom2Support Knowledge Team Billion 7402VGP, MAX 50 GB 7360kb sync (ex USR9003 - couldn't cope with MAX)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
SpeedTouch 510v4 - How Do I Turn Off The Firewall?	indx	Freedom2Surf Broadband	4	16-10-2004 10:10 PM
Critical Update for Symantec Norton Firewall	Karl Prince	General Computing and Internet	2	13-05-2004 07:33 PM
Choosing a firewall	carter0268	Freedom2Surf Broadband	22	31-03-2004 06:53 PM
UNDERSTANDING YOUR USR 9003 FIREWALL	mikec	Freedom2Surf Broadband	9	13-03-2004 11:52 AM
USR 9003 Guide & Firewall Configuration	John R	Freedom2Surf Broadband	0	26-10-2003 08:34 PM

Tiscali / TalkTalk User

Advertisement

TalkTalk User Links

TalkTalkUser Partners

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)