Life like Opossum Posted November 5, 2012

Today my internet access started to act a little... strange. As usual, I checked my router to see if everything was ok. There were no extra DHCP leases besides the devices I would expect to be connected (One strange one was on, I assumed it to be my laptop as it shared the same MAC) (I dual boot Windows and BackTrack on it). Upon going into my logs for the router I saw that I am receiving ACK packets from a few different IP addresses. Is this something I should be concerned about or is it benign? Regardless, I set incoming rules to deny each of the addresses shown in the picture attached. Is my router being targeted by someone? If so, are there any suggestions anyone may have on what I can do? This whole situation has me a bit worried.

To be safe I also ran full system scans for all and any malware, spyware etc. I have also disabled my hosting as of now and I am carefully monitoring all traffic on my network. If more information is needed, just let me know what you guys need and I will grab it for you ASAP.

Currently I have WPS off, admin pass is separate from my Wi-Fi pass, and both passwords are a minimum 12 characters w/ upper and lowercase characters, special characters and numbers. Login captchas are enabled so brute forcing isn't likely an option, although I don't feel that is the goal here...

(this isn't actually from June, my Date and Time are off on the router) Jun 4 23:42:41 notice Blocked incoming TCP packet from 206.217.211.219:80 to XXXXXX with unexpected sequence Jun 4 23:34:35 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:28:44 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:27:28 info version 1.0 started Jun 4 23:23:29 info using nameserver 64.59.135.145#53 Jun 4 23:23:29 info using nameserver 64.59.128.114#53 Jun 4 23:23:29 info reading /etc/resolv.conf Jun 4 23:23:13 info Lease of XXXXXX obtained, lease time 171455 Jun 4 23:22:35 info version 1.0 started Jun 4 23:18:51 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:18:39 notice Blocked incoming TCP SynAck packet from 186.206.248.238:51413 to XXXXXX with unexpected sequence Jun 4 23:18:36 notice Blocked incoming TCP SynAck packet from 190.201.83.160:29466 to XXXXXX with unexpected sequence Jun 4 23:18:32 notice Blocked incoming TCP SynAck packet from 124.43.23.33:53456 to XXXXXX with unexpected sequence Jun 4 23:18:14 info UDHCPD sending OFFER of 192.168.0.102 Jun 4 23:18:14 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:18:14 info UDHCPD sending OFFER of 192.168.0.102 Jun 4 23:17:55 notice Blocked incoming TCP SynAck packet from 96.48.129.133:25622 toXXXXXX with unexpected sequence Jun 4 23:17:50 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:17:32 notice Blocked incoming TCP SynAck packet from 124.43.23.33:53456 to XXXXXX with unexpected sequence Jun 4 23:17:32 notice Blocked incoming TCP SynAck packet from 124.43.23.33:53456 to XXXXXX with unexpected sequence Jun 4 23:17:30 notice Blocked incoming TCP SynAck packet from 124.43.23.33:53456 to XXXXXX with unexpected sequence Jun 4 23:15:56 info UDHCPD Inform: add_lease 192.168.0.103 Jun 4 23:15:52 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:52 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:25 info UDHCPD 
sending OFFER of 192.168.0.103 Jun 4 23:15:25 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:25 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:25 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:25 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:25 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:25 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:25 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:25 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:25 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:25 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:25 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:25 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:25 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:24 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:24 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:24 info UDHCPD Inform: add_lease 192.168.0.101 Jun 4 23:15:24 info UDHCPD Inform: add_lease 192.168.0.101 Jun 4 23:15:24 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:24 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:24 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:24 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:24 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:24 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:24 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:24 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , 
device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:24 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:15:23 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:15:23 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:15:23 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:15:23 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:15:23 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:15:23 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:15:23 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:15:22 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:22 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:22 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:22 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:22 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:22 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:22 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:22 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:22 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:22 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:21 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:21 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:21 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:21 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:21 info UDHCPD sending OFFER of 192.168.0.103 Jun 4 23:15:21 info UDHCPD sendOffer : device_lan_ip=192.168.0.1 , device_lan_subnet_mask=255.255.255.0 Jun 4 23:15:20 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:15:20 info UDHCPD Inform: add_lease 192.168.0.100 Jun 4 23:15:19 info UDHCPD Inform: add_lease 192.168.0.103 Jun 4 23:15:19 
notice Blocked incoming TCP packet from 206.217.211.219:80 to XXXXXX with unexpected sequence Jun 4 23:12:00 notice Blocked incoming TCP SynAck packet from 190.201.83.160:29466 to XXXXXX with unexpected sequence Jun 4 23:10:18 notice Blocked incoming TCP SynAck packet from 190.201.83.160:29466 to XXXXXX with unexpected sequence Jun 4 23:09:23 notice Blocked incoming TCP SynAck packet from 190.201.83.160:29466 to XXXXXX with unexpected sequence Jun 4 23:09:23 notice Blocked incoming TCP SynAck packet from 190.201.83.160:29466 to XXXXXX with unexpected sequence

EDIT: Removed Image
EDIT: Added full log
EDIT: Removed my IP (XXXXXX) =P

Edited November 5, 2012 by Saelani

digip Posted November 5, 2012

This wouldn't be coming from WPS, that's wifi related, those are all external IP addresses hitting your router. You need to change your external IP so they can't find you anymore. If your router has mac address cloning, give it a fake mac, with the normal OID prefix, save, then reboot your modem. That will force the ISP to change your external IP and give you a new address from DHCP from the ISP, won't affect anything internally. If you don't have MAC address cloning on the router, power off the modem for at least 20-30 minutes, and on the router, release its IP Lease. Restart the modem, and on the router, it should then get a new IP hopefully, as the lease should expire with the ISP. Use ipchicken.com, to confirm your IP address before and after you do these steps, to see that it's changed.

That in part will stop some of the attack scans, at least from the same players, but it seems someone or some group, is probably probing your router from the internet, using proxies or compromised hosts, they've identified something at your end they feel they want to target from the sounds of it.

Make sure external WAN side configuration is disabled, disable HTTP access and only enable HTTPS access from the wired lan side and disable configuration over wifi, that helps some. Make sure to turn off uPnP and SSDP if enabled, and block TFTP if possible, or port forward it to an IP out of range that doesn't exist on your network, so they can't try to upload firmware to your router to backdoor it and can't query the router over uPnP and SSDP to open ports or enable port forwarding from the internet.

Here are some of the people hitting your router, most likely part of a botnet, automated attacks drive bys but in case it's someone who truly wants in, either way, change your external IP.

Array ( [CountryCode] => LK [IP] => 124.43.23.33 [CountryName] => Sri Lanka [Region] => 36 [City] => Colombo [PostalCode] => [Latitude] => 6.9319 [Longitude] => 79.8478 [Hostname] => 124.43.23.33 )
Array ( [CountryCode] => US [IP] => 206.217.211.219 [CountryName] => United States [Region] => UT [City] => Providence [PostalCode] => 84332 [Latitude] => 41.6929 [Longitude] => -111.8147 [Hostname] => hosted-by.datatr.com )
Array ( [CountryCode] => BR [IP] => 186.206.248.238 [CountryName] => Brazil [Region] => 15 [City] => Belo Horizonte [PostalCode] => [Latitude] => -19.9167 [Longitude] => -43.9333 [Hostname] => bacef8ee.virtua.com.br )
Array ( [CountryCode] => VE [IP] => 190.201.83.160 [CountryName] => Venezuela [Region] => 25 [City] => Caracas [PostalCode] => [Latitude] => 10.5 [Longitude] => -66.9167 [Hostname] => 190-201-83-160.dyn.dsl.cantv.net )

Life like Opossum Posted November 5, 2012

Thanks a bunch digip. I disabled external WAN as you suggested. I browsed through every config page in my router several times and I could not find anything on forcing https. Somehow uPnP was enabled... I know more than enough about it to know that it should never be on in a network that can access the public internet. I have always had this disabled. It must have gotten turned on when I reset my modem to factory a couple weeks ago. I checked all my port forwards, DMZ, application rules and filters to ensure nothing has been changed, everything looks fine and uPnP is OFF now, as it should be. I will leave my modem off for the whole evening and I will turn it back on in the morning after I release the dhcp lease from my router as you have suggested.

Thanks again digip. I owe you one. You are a gentleman and a scholar. Maybe one year I'll make it to a con, track you down, and buy you a drink! Two if you got the reference above!

Also, if I may ask. What program do you use to trace IP addresses? I would love to have a tool such as that.

Edited November 5, 2012 by Saelani

digip Posted November 5, 2012

I have a geo ip database for my site from maxmind, but you can use free services like http://www.ip2location.com/free.asp or http://www.infosniper.net/

Edited November 5, 2012 by digip

Pwnd2Pwnr Posted November 5, 2012

Digip needs a cape and a giant S on his chest... that is all... :)

Life like Opossum Posted November 5, 2012

New day, new IP and it seems nothing has changed. I am still getting bombarded by ACK packets, and there are a few others showing up now. I am beginning to think something within my network is probing out and giving them my IP address. What is the best way to solve this problem? I have checked all of my computers for any abnormal activity and everything seems to be ok (from what I can tell, I don't know all that much about this stuff). The new IP I was assigned last night when I let my lease expire seems to be in a similar series of IP addresses. Is it possible that someone is attacking a wide array of addresses at random? What is the best solution to the problem?

I can ask my roommates to allow me to go through their computers. I suspect something may be on my one roommate's PC as some of his personal accounts have been logged into by unauthorized persons. I suspected a key logger at the time but discovered no such activity. Is it possible that my friend's computer has a program/service running on it, maliciously of course, that is sending out our public IP to a botnet, which is then trying to access our network? Or, possibly, is his computer already compromised and may be, or have been, part of a botnet? I am actually now questioning my thoughts on the matter because his computer has not received a new lease since I reset the public and private leases last night. This means his computer has not connected to the network since the release.

Does anyone know what may be going on? Is this something I should call my ISP and inform them about? Perhaps there is something that can be done on their end, although, I highly doubt this.

Here is the full log. I will not bother blanking out my IP, it has already been changed. The date and time are now correct as for my time zone.

Nov 5 11:03:45 notice Blocked incoming TCP SynAck packet from 117.192.211.217:61137 to 68.147.181.245:57278 with unexpected sequence Nov 5 11:03:14 notice Blocked incoming TCP packet from 90.154.148.44:54405 to 68.147.181.245:55383 with unexpected sequence Nov 5 11:02:52 info UDHCPD Inform: add_lease 192.168.0.100 Nov 5 11:01:10 notice Blocked incoming TCP SynAck packet from 117.192.211.217:61137 to 68.147.181.245:56447 with unexpected sequence Nov 5 11:00:50 notice Blocked incoming TCP SynAck packet from 217.197.136.115:45814 to 68.147.181.245:56372 with unexpected sequence Nov 5 11:00:05 notice Blocked incoming TCP SynAck packet from 117.192.211.217:61137 to 68.147.181.245:56265 with unexpected sequence Nov 5 10:59:11 notice Blocked incoming TCP SynAck packet from 117.192.211.217:61137 to 68.147.181.245:56107 with unexpected sequence Nov 5 10:59:04 notice Blocked incoming TCP SynAck packet from 202.105.83.25:14821 to 68.147.181.245:56077 with unexpected sequence Nov 5 10:57:46 notice Blocked incoming TCP SynAck packet from 117.192.211.217:61137 to 68.147.181.245:55813 with unexpected sequence Nov 5 10:57:44 notice Blocked incoming TCP packet from 90.154.148.44:54405 to 68.147.181.245:55383 with unexpected sequence Nov 5 10:57:37 notice Blocked incoming TCP SynAck packet from 122.111.1.248:6881 to 68.147.181.245:55765 with unexpected sequence Nov 5 10:57:03 notice Blocked incoming TCP SynAck packet from 79.66.217.218:32244 to 68.147.181.245:55640 with unexpected sequence Nov 5 10:56:47 notice Blocked incoming TCP SynAck packet from 117.192.211.217:61137 to 68.147.181.245:55577 with unexpected sequence Nov 5 10:56:44 notice Blocked incoming TCP packet from 90.154.148.44:54405 to 68.147.181.245:55383 with unexpected sequence Nov 5 10:54:07 info version 1.0 started Nov 5 10:54:01 info UDHCPD Inform: add_lease 192.168.0.100 Nov 5 10:54:00 info read /etc/hosts - 1 addresses Nov 5 10:54:00 info using nameserver 64.59.135.145#53 Nov 5 10:54:00 info using nameserver 
64.59.128.114#53 Nov 5 10:54:00 info reading /etc/resolv.conf Nov 5 10:54:00 info compile time options: IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N no-TFTP Nov 5 10:54:00 info started, version 2.41 cachesize 150 Nov 5 10:53:54 info exiting on receipt of SIGTERM Nov 5 10:53:54 info using nameserver 64.59.135.145#53 Nov 5 10:53:54 info using nameserver 64.59.128.114#53 Nov 5 10:53:54 info reading /etc/resolv.conf Nov 5 10:53:52 info Lease of 68.147.181.245 obtained, lease time 3598 Nov 5 10:53:50 info Sending discover... Nov 5 10:53:48 info Sending discover... Nov 5 10:53:46 info Sending discover... Nov 5 10:53:16 info Lease of 192.168.100.10 obtained, lease time 30 Nov 5 10:53:05 info version 1.0 started Nov 5 10:52:57 info read /etc/hosts - 1 addresses Nov 5 10:52:57 info compile time options: IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N no-TFTP Nov 5 10:52:57 info started, version 2.41 cachesize 150 Nov 5 10:52:51 info exiting on receipt of SIGTERM Nov 5 10:52:50 info Lease of 192.168.100.10 obtained, lease time 30 Nov 5 10:52:47 info Sending discover... Nov 5 10:52:47 info Sending discover... Nov 5 10:52:45 info Sending discover... Nov 5 10:52:43 info Sending discover... Nov 5 10:52:43 info Sending discover... Nov 5 10:52:41 info Sending discover... Nov 5 10:52:39 info Sending discover... Nov 5 10:52:39 info Sending discover... Nov 5 10:52:37 info Sending discover... Nov 5 10:52:35 info Sending discover... Nov 5 10:52:33 info Sending discover... Nov 5 10:52:31 info Sending discover... Nov 5 10:52:29 info Sending discover... Nov 5 10:52:29 info Sending discover... Nov 5 10:52:27 info Sending discover... Nov 5 10:52:25 info Sending discover... Nov 5 10:52:25 info Sending discover... Nov 5 10:52:23 info Sending discover... Nov 5 10:52:21 info Sending discover... Nov 5 10:52:21 info Sending discover... Nov 5 10:52:19 info Sending discover... Nov 5 10:52:17 info Sending discover... Nov 5 10:52:17 info Sending discover... 
Nov 5 10:52:15 info Sending discover... Nov 5 10:52:13 info Sending discover... Nov 5 10:52:07 info DHCP Release WAN IP address = 0.0.0.0 Nov 5 10:52:07 info Unicasting a release of 184.64.62.92 to 64.59.135.150 Nov 5 10:04:41 info UDHCPD Inform: add_lease 192.168.0.100 Nov 5 07:14:22 info UDHCPD Inform: add_lease 192.168.0.100 Nov 5 02:51:52 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:50:38 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:40:34 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:39:31 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:36:16 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:35:13 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:34:10 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:33:07 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:32:03 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:31:00 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:29:57 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:28:53 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:27:32 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:26:29 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:25:26 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:24:23 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:23:19 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:22:16 info UDHCPD Inform: add_lease 192.168.0.101 Nov 5 02:21:13 info UDHCPD Inform: add_lease 192.168.0.101

digip Posted November 6, 2012

It's possible you are already infected with something on one of the machines and it's trying to dial home to get updates from random servers, or, just crappy random traffic. The nice thing is, it seems the router is blocking them, so that's a good thing. Only other things to check, is 1, firmware update on the router itself to make sure it wasn't whacked, which means reconfiguring the router from scratch afterwards, and 2, making sure none of your other devices on the home network are infected.

Do you use p2p software like uTorrent or the like? Sometimes, when you use Bittorrents, your IP can be on the list of people who seed files, and if you still share those files, but have the torrent down, they will still try to hit your machine to get fragments of the file. I used to see this all the time when I would use torrents for things like BackTrack. Once I stopped seeding, I would still see traffic on my firewall logs for days afterwards, which I later determined was for the Torrent file. Once I changed my external IP, all of the traffic stopped, but if you aren't using Torrents or the like, then it looks more like botnet activity, or just random drive by scanning of general subnets on the internet. Unless you are doing something to visit those IPs, I'd say it looks like botnet activity, and one of your machines may be part of it.

You can also try running Wireshark, and monitor the traffic for those foreign IPs, see what's coming in, if it's reaching your PC, or blocked/stopped at the router side. If you don't see them reaching the local NIC you're monitoring, then try running wireshark on each of the other machines on the home lan, if possible. Then see if any of them show communication with those IPs. If one of the machines does, chances are, it's the culprit, and possibly has malware on it.

Array ( [CountryCode] => IN [IP] => 117.192.211.217 [CountryName] => India [Region] => 19 [City] => Bangalore [PostalCode] => [Latitude] => 12.9833 [Longitude] => 77.5833 [Hostname] => 117.192.211.217 )
Array ( [CountryCode] => BA [IP] => 217.197.136.115 [CountryName] => Bosnia and Herzegovina [Region] => 01 [City] => Sarajevo [PostalCode] => [Latitude] => 43.85 [Longitude] => 18.3833 [Hostname] => 217.197.136.115 )
Array ( [CountryCode] => BG [IP] => 90.154.148.44 [CountryName] => Bulgaria [Region] => 61 [City] => Varna [PostalCode] => [Latitude] => 43.2167 [Longitude] => 27.9167 [Hostname] => 90-154-148-44.btc-net.bg )
Array ( [CountryCode] => AU [IP] => 122.111.1.248 [CountryName] => Australia [Region] => 07 [City] => Diamond Creek [PostalCode] => [Latitude] => -37.6667 [Longitude] => 145.15 [Hostname] => d122-111-1-248.meb804.vic.optusnet.com.au )
Array ( [CountryCode] => GB [IP] => 79.66.217.218 [CountryName] => United Kingdom [Region] => B7 [City] => Bristol [PostalCode] => [Latitude] => 51.45 [Longitude] => -2.5833 [Hostname] => 79-66-217-218.dynamic.dsl.as9105.com )

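An added example, not part of the original thread: a small Python triage of the router's "Blocked incoming TCP ... with unexpected sequence" entries, grouping them by remote endpoint to separate likely torrent peers and replies to outbound attempts from unsolicited packets, which is the distinction digip draws above. The sample log is constructed with documentation addresses, and the port list and labels are this example's own heuristics, not the router vendor's definitions.

```python
import re
from collections import defaultdict

# Firewall line format as posted in this thread; the destination may be
# redacted ("XXXXXX") and may have no port.
BLOCKED = re.compile(
    r"notice Blocked incoming TCP (?P<synack>SynAck )?packet from "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) to\s*(?P<dst>[\w.]+)"
    r"(?::(?P<dport>\d+))? with unexpected sequence"
)

# Assumption: ports commonly used by BitTorrent clients (6881-6889 is the
# traditional range, 51413 is Transmission's default peer port).
P2P_PORTS = set(range(6881, 6890)) | {51413}

# Constructed sample in the router's format, using documentation addresses.
SAMPLE_LOG = """\
Nov 5 11:03:45 notice Blocked incoming TCP SynAck packet from 198.51.100.7:61137 to 203.0.113.10:57278 with unexpected sequence
Nov 5 11:03:14 notice Blocked incoming TCP packet from 192.0.2.44:54405 to 203.0.113.10:55383 with unexpected sequence
Nov 5 11:02:52 info UDHCPD Inform: add_lease 192.168.0.100
Nov 5 11:01:10 notice Blocked incoming TCP SynAck packet from 198.51.100.7:61137 to 203.0.113.10:56447 with unexpected sequence
Nov 5 10:57:44 notice Blocked incoming TCP packet from 192.0.2.44:54405 to 203.0.113.10:55383 with unexpected sequence
Nov 5 10:57:37 notice Blocked incoming TCP SynAck packet from 198.51.100.99:6881 to 203.0.113.10:55765 with unexpected sequence
Nov 5 10:57:03 notice Blocked incoming TCP SynAck packet from 192.0.2.200:32244 toXXXXXX with unexpected sequence
"""


def triage(log_text):
    """Group blocked packets by remote ip:port and label each pattern.

    Returns {"ip:port": (label, hits, distinct_local_ports)}.
    """
    peers = defaultdict(lambda: {"hits": 0, "synack": 0, "local_ports": set()})
    # finditer works on one-entry-per-line logs and on flattened pastes alike;
    # DHCP and DNS entries simply never match.
    for m in BLOCKED.finditer(log_text):
        peer = peers[(m["src"], int(m["sport"]))]
        peer["hits"] += 1
        peer["synack"] += bool(m["synack"])
        if m["dport"]:
            peer["local_ports"].add(int(m["dport"]))

    report = {}
    for (ip, port), p in peers.items():
        if port in P2P_PORTS:
            label = "p2p-peer-port"
        elif p["synack"] and len(p["local_ports"]) > 1:
            # Heuristic: a SYN-ACK answers a SYN. One fixed remote port
            # replying to several local ports looks like repeated outbound
            # connection attempts from a LAN host, not an inbound scan.
            label = "reply-to-outbound-retries"
        elif p["synack"]:
            label = "unsolicited-synack"
        else:
            # Heuristic: non-SYN packet for a connection the router no
            # longer tracks (expired state or out-of-window sequence).
            label = "stale-or-out-of-window"
        report[f"{ip}:{port}"] = (label, p["hits"], len(p["local_ports"]))
    return report


if __name__ == "__main__":
    for endpoint, (label, hits, ports) in sorted(triage(SAMPLE_LOG).items()):
        print(f"{endpoint:<22} {label:<26} hits={hits} local_ports={ports}")
```

Endpoints labelled `reply-to-outbound-retries` or `p2p-peer-port` are the ones to look for in a Wireshark capture on each LAN machine, since they suggest a local host initiated the conversation.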
Life like Opossum Posted November 6, 2012

I do torrent frequently. I actually have my torrents off for now just to see what will happen. I have a feeling it is not due to torrents because the traffic seems to be coming regardless of whether or not my torrents are running. The traffic continued on my new public ip when my torrent client was never on. I will run some scans with wireshark looking for connections to these IP addresses as you have suggested.

Edited November 6, 2012 by Saelani