ping ping ping ping

[dtex]

I'm getting hundreds/hour, from random addresses, even if I just go to my home page. AVG and Zone Alarm on w-95. No virus found, either thru AVG or housecall. No problems with the computer. Is this one of the symproms of blaster trying to find an open port? Early in the week, I was getting lots of alerts in ZA concerning port 135, but now its just a bunch of pings, like this:

The firewall has blocked Internet access to your computer (ICMP Echo Request ('Ping')) from 65.179.224.59.

Time: 8/22/03 12:03:08 AM


The firewall has blocked Internet access to your computer (ICMP Echo Request ('Ping')) from 65.177.80.191.

Time: 8/22/03 12:04:50 AM

[ktkendall]

There is somewhere U can go to find out who belongs to those IP addresses.

[Naja]

You can look up domain owners thru whois.net or many versions of it.
But they don't all give you the option of looking up a domain by the IP address.

I went here because they do, and give the quickest, best and most complete response:


Global Whois Gateway


The results for: 65.179.224.59

OrgName: Sprint
OrgID: SPDN
Address: 12502 Sunrise Valley Dr
City: Reston
StateProv: VA
PostalCode: 20196
Country: US

NetRange: 65.176.0.0 - 65.181.31.255
CIDR: 65.176.0.0/14, 65.180.0.0/16, 65.181.0.0/19
NetName: SPRINT-IPDIAL-2BLK
NetHandle: NET-65-176-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.DIALSPRINT.NET
NameServer: NS2.DIALSPRINT.NET
NameServer: NS3.DIALSPRINT.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-08-07
Updated: 2001-12-26

TechHandle: SPRINT-NOC-ARIN
TechName: Sprintlink (Sprint)
TechPhone: +1-800-232-6895
TechEmail: NOC@sprint.net

OrgTechHandle: ARINS-ARIN
OrgTechName: arin-sprint-iprequest
OrgTechPhone: +1-800-232-3458
OrgTechEmail: ip-req@sprint.net

# ARIN WHOIS database, last updated 2003-08-20 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.


The results for: 65.177.80.191


OrgName: Sprint
OrgID: SPDN
Address: 12502 Sunrise Valley Dr
City: Reston
StateProv: VA
PostalCode: 20196
Country: US

NetRange: 65.176.0.0 - 65.181.31.255
CIDR: 65.176.0.0/14, 65.180.0.0/16, 65.181.0.0/19
NetName: SPRINT-IPDIAL-2BLK
NetHandle: NET-65-176-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.DIALSPRINT.NET
NameServer: NS2.DIALSPRINT.NET
NameServer: NS3.DIALSPRINT.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-08-07
Updated: 2001-12-26

TechHandle: SPRINT-NOC-ARIN
TechName: Sprintlink (Sprint)
TechPhone: +1-800-232-6895
TechEmail: NOC@sprint.net

OrgTechHandle: ARINS-ARIN
OrgTechName: arin-sprint-iprequest
OrgTechPhone: +1-800-232-3458
OrgTechEmail: ip-req@sprint.net

# ARIN WHOIS database, last updated 2003-08-20 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.



Apparently sprint's servers are the one's pinging u unless it's being down by a hacker using their servers.

Also, if u notice the 2 IP addresses that u listed fall into sprints listed IPs:
NetRange: 65.176.0.0 - 65.181.31.255

[doctorgonzo]

It is probably the just blaster worm, or the "good" worm that is also travelling around trying to patch affected systems.

Your firewall is doing its job by blocking them, so you don't need to worry any further.

[Naja]

Probably the Good worm--After reading the inital post I checked My PC-Cilin firewall and I was/still am getting pinged by Qwest. I'm with msn but Qwest is their provider.

[dtex]

That makes sense, since Earthlink is my ISP, and they are part of Sprint.
Appreciate the replies.

[oryx]

Today is really bad. More than 500 pings by Zone Alarm in a couple of hours. Most of them are from this source.

"The firewall has blocked Internet access to your computer (TCP Port 2279) from 24.51.3.40 (TCP Port 43208) [TCP Flags: S]."