Adrian F

I got a firewall warning off of my Norton package should i be worried does this mean i have some thing on my PC or that i am being targeted (i am taking my ex-employee to tribunal) how did they know the name of my PC? i am only recently swapped to a new mobile broadband connection so how did it find my? or is it just a random attack?

Risk name Eleonore Toolkit activity

Attacking computer onlinesoft.name (91.201.64.8, 80)

Attacking URL. Onlinsoft.name/3dd/index.php

destination address (Adrian PC 92**

source address 91.201.64.8 (91.201.64.8)

Traffic description TCP, www-http

Application path \device\hardiskvolume2\program files\internetexplorer\Iexplore.exe

status blocked

Kieran_Burns

iTrader: (1)

So you were browsing a dodgy Polish web-site and got sniffed?

Be careful where you look next time

Adrian F

No on that laptop and dongle not been anywhere more risky than Scoobynet, pistonheads, LFTO (walking forum) big brand name email web access pages that sort of thing, that is why i was concerned.

If i had been on a dodgy site i would have expected the firewall to show a problem and asked how to clean my PC!

Markus

a whois lookup on that IP shows the following:

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 91.0.0.0 - 91.255.255.255
CIDR: 91.0.0.0/8
NetName: 91-RIPE
NetHandle: NET-91-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS2.LACNIC.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2005-06-30
Updated: 2009-05-18

# ARIN WHOIS database, last updated 2010-04-10 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '91.201.64.0 - 91.201.67.255'

inetnum: 91.201.64.0 - 91.201.67.255
netname: Donekoserv
descr: DonEkoService Ltd
country: RU
org: ORG-DS41-RIPE
admin-c: MNV32-RIPE
tech-c: MNV32-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: MNT-DONECO
mnt-by: MNT-DONECO
mnt-lower: RIPE-NCC-END-MNT
mnt-routes: MHOST-MNT
mnt-routes: MNT-PIN
mnt-domains: MHOST-MNT
source: RIPE # Filtered

organisation: ORG-DS41-RIPE
org-name: DonEko Service
org-type: OTHER
address: novocherkassk, ul stremyannaya d.6
e-mail: admin@pinspb.ru
mnt-ref: MNT-PIN
mnt-by: MNT-PIN
source: RIPE # Filtered

person: Metluk Nikolay Valeryevich
address: korp. 1a 40 Slavy ave.,
address: St.-Petersburg, Russia
e-mail: nm@internet-spb.ru
phone: +7 812 4483863
fax-no: +7 901 3149449
nic-hdl: MNV32-RIPE
mnt-by: MNT-PIN
source: RIPE # Filtered

% Information related to '91.201.64.0/23as44050'

route: 91.201.64.0/23
descr: doneco 2 PIN
origin: as44050
mnt-by: MNT-PIN
source: RIPE # Filtered

Markus

a whois lookup on that IP shows the following:

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 91.0.0.0 - 91.255.255.255
CIDR: 91.0.0.0/8
NetName: 91-RIPE
NetHandle: NET-91-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS2.LACNIC.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2005-06-30
Updated: 2009-05-18

# ARIN WHOIS database, last updated 2010-04-10 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '91.201.64.0 - 91.201.67.255'

inetnum: 91.201.64.0 - 91.201.67.255
netname: Donekoserv
descr: DonEkoService Ltd
country: RU
org: ORG-DS41-RIPE
admin-c: MNV32-RIPE
tech-c: MNV32-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: MNT-DONECO
mnt-by: MNT-DONECO
mnt-lower: RIPE-NCC-END-MNT
mnt-routes: MHOST-MNT
mnt-routes: MNT-PIN
mnt-domains: MHOST-MNT
source: RIPE # Filtered

organisation: ORG-DS41-RIPE
org-name: DonEko Service
org-type: OTHER
address: novocherkassk, ul stremyannaya d.6
e-mail: admin@pinspb.ru
mnt-ref: MNT-PIN
mnt-by: MNT-PIN
source: RIPE # Filtered

person: Metluk Nikolay Valeryevich
address: korp. 1a 40 Slavy ave.,
address: St.-Petersburg, Russia
e-mail: nm@internet-spb.ru
phone: +7 812 4483863
fax-no: +7 901 3149449
nic-hdl: MNV32-RIPE
mnt-by: MNT-PIN
source: RIPE # Filtered

% Information related to '91.201.64.0/23as44050'

route: 91.201.64.0/23
descr: doneco 2 PIN
origin: as44050
mnt-by: MNT-PIN
source: RIPE # Filtered