IP alerts in ZAP for 216.xxx.xxx.xxx

Hi
I have been getting a lot of alerts from IPs beginning with the IP 216. It
always appears to try and get in on port 80. These have been happening at an
interval of about every 5 to 10 min. The rest of the IP number after 216 is
different but some are the same. This has been happening for several days
now.
Is there any need to worry about this??
Thanks in advance
Examples

The firewall has blocked Internet access to your computer (HTTP) from
216.214.141.171 (TCP Port 2535) [TCP Flags: S].

Time: 8/10/2001 9:14:30 AM

The firewall has blocked Internet access to your computer (HTTP) from
216.79.17.249 (TCP Port 3705) [TCP Flags: S].

Time: 8/10/2001 9:38:06 AM

The firewall has blocked Internet access to your computer (HTTP) from
216.136.93.224 (TCP Port 4458) [TCP Flags: S].

Time: 8/10/2001 10:06:06 AM

The firewall has blocked Internet access to your computer (HTTP) from
216.55.173.134 (TCP Port 2749) [TCP Flags: S].

Time: 8/10/2001 10:35:02 AM
Doug
8/10/2001 2:41:00 PM
grc.privacy

4 Replies

Your IP being 216.46.205.xxx, you will get Code Red alerts from addresses in
the same range as yourself; it's normal for this time of the year <g>

"Doug Verduin" <MrVerduin@hotmail.com> wrote in message news:
9l0rsd$188g$1@news.grc.com...
> Hi
> I have been getting a lot of alerts from IPs beginning with the IP 216. It
> always appears to try and get in on port 80. These have been happening
Bertdil
8/10/2001 2:48:00 PM
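The check described in the reply above (blocked SYN-only probes to HTTP, mostly from the reader's own 216.x range) can be run over the alert text directly. This is an added example, not part of the original thread; the function names are hypothetical, four alerts are copied from the original post, and one entry is constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Four alerts copied from the original post, plus one constructed entry
# (198.51.100.7, a documentation address) so that not every source matches.
SAMPLE_ALERTS = """
The firewall has blocked Internet access to your computer (HTTP) from
216.214.141.171 (TCP Port 2535) [TCP Flags: S].
The firewall has blocked Internet access to your computer (HTTP) from
216.79.17.249 (TCP Port 3705) [TCP Flags: S].
The firewall has blocked Internet access to your computer (HTTP) from
216.136.93.224 (TCP Port 4458) [TCP Flags: S].
The firewall has blocked Internet access to your computer (HTTP) from
216.55.173.134 (TCP Port 2749) [TCP Flags: S].
The firewall has blocked Internet access to your computer (HTTP) from
198.51.100.7 (TCP Port 1042) [TCP Flags: S].
"""

ALERT_RE = re.compile(
    r"blocked Internet access to your computer \((?P<service>[^)]+)\)\s+from\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+\(TCP Port (?P<sport>\d+)\)\s+"
    r"\[TCP Flags: (?P<flags>[A-Z]+)\]"
)

def parse_alerts(text):
    """Return one dict per alert; alerts may wrap across lines as in the post."""
    return [
        {"service": m["service"], "src": ip_address(m["src"]),
         "sport": int(m["sport"]), "flags": m["flags"]}
        for m in ALERT_RE.finditer(text)
    ]

def summarize_http_probes(alerts, local_net):
    """Count blocked SYN-only HTTP probes and how many come from local_net."""
    probes = [a for a in alerts if a["service"] == "HTTP" and a["flags"] == "S"]
    by_octet = Counter(int(a["src"]) >> 24 for a in probes)
    same_net = sum(a["src"] in local_net for a in probes)
    return {
        "probes": len(probes),
        "distinct_sources": len({a["src"] for a in probes}),
        "by_first_octet": dict(by_octet),
        "same_net_fraction": same_net / len(probes) if probes else 0.0,
    }

if __name__ == "__main__":
    # 216.0.0.0/8 is the reader's own /8, per the reply above (assumed here).
    print(summarize_http_probes(parse_alerts(SAMPLE_ALERTS), ip_network("216.0.0.0/8")))
```

Many distinct sources sending only a SYN to port 80, concentrated in the local /8, is the pattern the reply attributes to Code Red rather than to someone targeting this one machine.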
"Doug Verduin" <MrVerduin@hotmail.com> wrote in message
news:9l0rsd$188g$1@news.grc.com...
> Hi
> I have been getting a lot of alerts from IPs beginning with the IP 216. It
> always appears to try and get in on port 80. These have been happening at an
> interval of about every 5 to 10 min. The rest of the IP number after 216 is
> different but some are the same. This has been happening for several days
> now
> Is there any need to worry about this??

No, because the firewall is blocking them and you are not running a
vulnerable IIS server.

http://www.incidents.org/react/code_redII.php
--
Robert
grc.com forum FAQ - http://grc.com/discussions.htm
grc.com forum quick reference - http://grc.com/nntpquickref.htm
grc.com forum disclaimer - http://grc.com/forumdisclaimer.htm
grc.com privacy statement - http://grc.com/privacy.htm
Robert
8/10/2001 3:32:00 PM
Nothing to worry about.... On Monday I stated that I got about 150 alerts in
less than 2 hours, all beginning with 41... and all on port 80.... *sigh*
good old red worm.  can M$ make anything that can bug the hell out of us
everyday and make us worry about our security... oh yeah, it's called Windows
:)

-Big will


"Doug Verduin" <MrVerduin@hotmail.com> wrote in message
news:9l0rsd$188g$1@news.grc.com...
> Hi
> I have been getting a lot of alerts from IPs beginning with the IP 216. It
> always appears to try and get in on port 80. These have been happening at an
> interval of about every 5 to 10 min. The rest of the IP number after 216 is
> different but some are the same. This has been happening for several days
> now
> Is there any need to worry about this??
> Thanks in advance
> Examples
>
Big
8/10/2001 4:55:00 PM
Big Will <big_will@someemailprogram.com> wrote in message
news:9l13i1$1k3m$1@news.grc.com...
> Nothing to worry about.... On Monday I stated that I got about 150 alerts in
> less than 2 hours, all beginning with 41... and all on port 80.... *sigh*
> good old red worm.  can M$ make anything that can bug the hell out of us
> everyday and make us worry about our security... oh yeah, it's called Windows
> :)
>
> -Big will

it has been suggested that code red, along with wxp raw ports is m$ ground
work for making standard TCP/IP unusable.  they can then make the big push
to launch ipv6 (or TCP/MS as some wags have dubbed it).

the argument makes a great deal of sense.

it would also allow complete prioritization of TCP/m$ packets.  the more you
pay the better the service ...

this could mean the end of DDOS attacks as the packets from an attacking
machine (which is most likely a dial in or other low priority machine) would
not be delivered en masse as the delivery routers would keep holding (or
dropping as buffers filled up) low priority packets.

it is only a theory tho :)
who
8/20/2001 12:35:00 PM