Go to http://www.pc-help.org/trace.htm

This has a great Win9x utility, trace.bat, that gives you excellent info about any IP, URL, hostname, or email address. It's free, and it uses three freeware utilities along with the standard Win9x built-ins to produce the info.

Also, the site in general has lots of good information. There's an interesting account of Lockdown2000, a "firewall" system that is a total sham/scam. It also shows how using the utilities in trace.bat can help uncover who is giving you grief.

Dirk

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of michael
Sent: Friday, January 07, 2000 4:23 PM
To: [EMAIL PROTECTED]
Subject: Re: strange logs

Send postings to: [EMAIL PROTECTED]
Access the list archives at: http://www.gnatbox.com/gb-users/
----------------------------------

thanks for the reply
no i am not in montana, i'm in ny
isn't this eating up some of my bandwidth?
i'm not a pro at this, so how would i go about looking up this org's/person's address and such to get them to stop broadcasting this?
if it is a misconfigured address, why am i getting it?
michael

----- Original Message -----
From: "Joe Biniskiewicz" <[EMAIL PROTECTED]>
To: "michael" <[EMAIL PROTECTED]>
Sent: Thursday, January 06, 2000 10:12 PM
Subject: Re: strange logs

> Okay, I checked the address, and it's owned by Kinetics Corp in Emigrant,
> MT. However there is no route to that host on the Internet. It's
> probably an address that they are not using right now.
>
> If you are not also in Montana, and the name Emigrant doesn't sound
> familiar, then it's probably just someone with a misconfigured address on
> the same Cable ISP as you are.
>
> You should find the address in your arp table, though that won't tell you
> much except for the MAC address. At any rate it's nothing to worry about.
> -joeb
>
>
> At 09:26 AM 01/06/2000 -0500, michael wrote:
> > yes i am on a cablemodem.
> > but, my isp is not in the 199.xxx range.
> > and this just started yesterday afternoon. i've had my cable setup for
> > almost a year now with various firewalls and never had this happen before.
> > i've had gnatbox running for 4 months now and also no alarms like this have
> > been set.
> >
> >
> > ----- Original Message -----
> > From: "Joe Biniskiewicz" <[EMAIL PROTECTED]>
> > To: "michael" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Thursday, January 06, 2000 8:32 AM
> > Subject: Re: strange logs
> >
> >
> > > It would appear to me that you are on a cable modem, xDSL line or some
> > > other "shared" media (bridged rather than routed). One of your neighbors
> > > has a machine turned on at the IP address [199.245.180.13]. That machine
> > > is sending broadcasts [255.255.255.255/1015], which is quite normal. Your
> > > GB is blocking those broadcasts, which would otherwise reach your
> > > network.
> > >
> > > Another possibility is that "someone" has a machine configured with that
> > > IP address on the EXT interface. What is your GB EXT Interface plugged
> > > into, and what else is plugged in there?
> > >
> > > The fact that your neighbor has no PTR record in DNS is only a testament
> > > to sloppy administration on the part of the owner of that network address
> > > (the ISP is most likely the "owner"). All IP addresses should have an A
> > > (forward) and a PTR (reverse) DNS entry. (another discussion entirely,
> > > though some misinformed administrators believe that security is enhanced
> > > by improperly configuring DNS. Go figure!).
> > >
> > > The fact that you cannot ping that address indicates that the ISP may be
> > > blocking/filtering ICMP packets, probably as a security measure, and to
> > > discourage the extra bandwidth of traceroutes, etc., or that because it
> > > may be an illegal address on that network, that it's not within the scope
> > > of your EXT interface IP subnet, or that the host is configured not to
> > > respond to ICMP traffic.
> > >
> > > The solution is to set your alarm thresholds high enough that you don't
> > > get email and pager messages regarding these broadcasts, and then
> > > otherwise ignore them.
> > >
> > > -joeb
> > >
> > > At 10:51 PM 01/05/2000 -0500, michael wrote:
> > > > i have a strange occurrence going on on my gnatbox.
> > > > suddenly this afternoon i've been getting multiple messages on the
> > > > gnatbox message screen.
> > > > here is what i am receiving.....
> > > >
> > > > Jan 5 22:32:43 FILTER: remote access filter blocks:UDP bcast fxp0 [199.245.180.13/1015] ->[255.255.255.255/1015] l=148
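
An added example, not part of the original thread and not GNAT Box code: a small Python triage of blocked-packet lines like the one michael posted, checking the two things the replies turn on (is the destination a broadcast, and is the source inside the EXT interface subnet) and counting hits per source to help pick an alarm threshold. The EXT subnet, the second and third sample lines, and the assumption that every FILTER line has the shape of the one quoted are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Pattern derived from the single FILTER line quoted in the thread; that every
# FILTER line has this shape is an assumption.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+FILTER:\s*(?P<rule>.+?)\s+blocks:\s*"
    r"(?P<proto>\w+)(?:\s+(?P<bcast>bcast))?\s+(?P<iface>\S+)\s+"
    r"\[(?P<src>[\d.]+)/(?P<sport>\d+)\]\s*->\s*"
    r"\[(?P<dst>[\d.]+)/(?P<dport>\d+)\]\s+l=(?P<length>\d+)$"
)
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")

def triage(line, ext_net):
    """Classify one blocked-packet line against the EXT interface subnet."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    net = ipaddress.ip_network(ext_net)
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    # Routers do not forward 255.255.255.255, so seeing it means the sender
    # shares the layer-2 segment (the bridged cable/xDSL case in the thread).
    is_bcast = dst == LIMITED_BCAST or dst == net.broadcast_address
    if not is_bcast:
        verdict = "unicast: review"
    elif src in net:
        verdict = "neighbor broadcast: noise"
    else:
        verdict = "off-subnet broadcast: misconfigured host on segment"
    return {"src": str(src), "dport": int(m["dport"]), "iface": m["iface"],
            "verdict": verdict}

def summarize(lines, ext_net):
    """Count hits per (source, verdict) to help choose an alarm threshold."""
    hits = (triage(entry, ext_net) for entry in lines)
    return Counter((h["src"], h["verdict"]) for h in hits if h)

# First line is the one from the thread; the others and the subnet are constructed.
EXT_NET = "198.51.100.0/24"
SAMPLE = [
    "Jan 5 22:32:43 FILTER: remote access filter blocks:UDP bcast fxp0 [199.245.180.13/1015] ->[255.255.255.255/1015] l=148",
    "Jan 5 22:33:10 FILTER: remote access filter blocks:UDP bcast fxp0 [198.51.100.77/138] ->[198.51.100.255/138] l=229",
    "Jan 5 22:34:02 FILTER: remote access filter blocks:TCP fxp0 [198.51.100.90/4021] ->[198.51.100.20/23] l=60",
]

if __name__ == "__main__":
    for (src, verdict), n in summarize(SAMPLE, EXT_NET).items():
        print(f"{n:3d}  {src:15s}  {verdict}")
```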
