I got a firewall warning off of my Norton package should i be worried does this mean i have some thing on my PC or that i am being targeted (i am taking my ex-employee to tribunal) how did they know the name of my PC? i am only recently swapped to a new mobile broadband connection so how did it find my? or is it just a random attack?

Risk name Eleonore Toolkit activity

Attacking computer onlinesoft.name (91.201.64.8, 80)

Attacking URL. Onlinsoft.name/3dd/index.php

destination address (Adrian PC 92**

source address 91.201.64.8 (91.201.64.8)

Traffic description TCP, www-http

Application path \device\hardiskvolume2\program files\internetexplorer\Iexplore.exe

status blocked

 

So you were browsing a dodgy Polish web-site and got sniffed?

Be careful where you look next time

 

No on that laptop and dongle not been anywhere more risky than Scoobynet, pistonheads, LFTO (walking forum) big brand name email web access pages that sort of thing, that is why i was concerned.

If i had been on a dodgy site i would have expected the firewall to show a problem and asked how to clean my PC!

 

a whois lookup on that IP shows the following:

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 91.0.0.0 - 91.255.255.255
CIDR: 91.0.0.0/8
NetName: 91-RIPE
NetHandle: NET-91-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS2.LACNIC.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2005-06-30
Updated: 2009-05-18

# ARIN WHOIS database, last updated 2010-04-10 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '91.201.64.0 - 91.201.67.255'

inetnum: 91.201.64.0 - 91.201.67.255
netname: Donekoserv
descr: DonEkoService Ltd
country: RU
org: ORG-DS41-RIPE
admin-c: MNV32-RIPE
tech-c: MNV32-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: MNT-DONECO
mnt-by: MNT-DONECO
mnt-lower: RIPE-NCC-END-MNT
mnt-routes: MHOST-MNT
mnt-routes: MNT-PIN
mnt-domains: MHOST-MNT
source: RIPE # Filtered

organisation: ORG-DS41-RIPE
org-name: DonEko Service
org-type: OTHER
address: novocherkassk, ul stremyannaya d.6
e-mail: admin@pinspb.ru
mnt-ref: MNT-PIN
mnt-by: MNT-PIN
source: RIPE # Filtered

person: Metluk Nikolay Valeryevich
address: korp. 1a 40 Slavy ave.,
address: St.-Petersburg, Russia
e-mail: nm@internet-spb.ru
phone: +7 812 4483863
fax-no: +7 901 3149449
nic-hdl: MNV32-RIPE
mnt-by: MNT-PIN
source: RIPE # Filtered

% Information related to '91.201.64.0/23as44050'

route: 91.201.64.0/23
descr: doneco 2 PIN
origin: as44050
mnt-by: MNT-PIN
source: RIPE # Filtered

 

a whois lookup on that IP shows the following:

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 91.0.0.0 - 91.255.255.255
CIDR: 91.0.0.0/8
NetName: 91-RIPE
NetHandle: NET-91-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS2.LACNIC.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2005-06-30
Updated: 2009-05-18

# ARIN WHOIS database, last updated 2010-04-10 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '91.201.64.0 - 91.201.67.255'

inetnum: 91.201.64.0 - 91.201.67.255
netname: Donekoserv
descr: DonEkoService Ltd
country: RU
org: ORG-DS41-RIPE
admin-c: MNV32-RIPE
tech-c: MNV32-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: MNT-DONECO
mnt-by: MNT-DONECO
mnt-lower: RIPE-NCC-END-MNT
mnt-routes: MHOST-MNT
mnt-routes: MNT-PIN
mnt-domains: MHOST-MNT
source: RIPE # Filtered

organisation: ORG-DS41-RIPE
org-name: DonEko Service
org-type: OTHER
address: novocherkassk, ul stremyannaya d.6
e-mail: admin@pinspb.ru
mnt-ref: MNT-PIN
mnt-by: MNT-PIN
source: RIPE # Filtered

person: Metluk Nikolay Valeryevich
address: korp. 1a 40 Slavy ave.,
address: St.-Petersburg, Russia
e-mail: nm@internet-spb.ru
phone: +7 812 4483863
fax-no: +7 901 3149449
nic-hdl: MNV32-RIPE
mnt-by: MNT-PIN
source: RIPE # Filtered

% Information related to '91.201.64.0/23as44050'

route: 91.201.64.0/23
descr: doneco 2 PIN
origin: as44050
mnt-by: MNT-PIN
source: RIPE # Filtered