cancel
Showing results for 
Search instead for 
Did you mean: 

Constantly being "probed"...

Teatime
Grafter
Posts: 61
Registered: 05-04-2007

Constantly being "probed"...

Is anyone else suffering from constant probes from addresses in the 66.117.41.xx range? This seems to be some site called probe.cirn.net. I've only noticed this in the past week, but it is happening constantly, all day every day - ICMP traffic from port 8 to port 0. What on earth is that site? I tried httping to 66.117.41.12, and it comes up with a 1x1 pixel GIF...

Ivor
9 REPLIES
N/A

Constantly being "probed"...

Welcome to the world of the internet. This is another example of why NAT routing modems (preferably with SPI firewalls) are a good idea.
Teatime
Grafter
Posts: 61
Registered: 05-04-2007

Constantly being "probed"...

Thanks for the belated welcome - I've been using the Internet for 15 years! :lol: My firewall is Sygate Personal. I am used to odd probes that give up after they find I am stealthed, but this one is relentless! I am curious as to what probe.cirn.net actually is supposed to be doing...

Ivor
N/A

Constantly being "probed"...

Well, after 15 years you should have figured out some of the basic tools. Thr IP address is owned by :-
OrgName: Carpathia Hosting
OrgID: CARPA-3
Address: 2101 Mill Rd
Address: Suite 106
City: Alexandria
StateProv: VA
PostalCode: 22314
Country: US

and you can report abuse via

OrgAbuseHandle: KSB1-ARIN
OrgAbuseName: Bethke, Kenneth Scott
OrgAbusePhone: +1-703-740-1730
OrgAbuseEmail: abuse@carpathiahost.com

WHOIS is currently not playing so you'll have to wait for the registrant details.
Teatime
Grafter
Posts: 61
Registered: 05-04-2007

Constantly being "probed"...

Hmm... well... obviously I DID do that... I was trying to get information about the NATURE of these probes... for information about what is happening, and whether anyone else is noticing such connections. I am curious as to why the probes are so relentless.
Pathfinder
Grafter
Posts: 406
Registered: 31-07-2007

Constantly being "probed"...

Usually it is just a virus running on that users PC and they are unaware of the fact.

I have been getting hit by a handful of IP's from China for the last couple of weeks. As long as you are firewalled I would not worry about it.

Submitting an abuse report would not probably yield any rapid results and the probing will have stopped by the time the ISP decides to investigate.
Teatime
Grafter
Posts: 61
Registered: 05-04-2007

Constantly being "probed"...

Yeah, I wanted to get as much background information as possible before thinking of submitting an abuse report. But this is not some random PC that is probing: it is a variety of addresses in the 66.117.41.xx range, all of which reverse-DNS shows as being probe.cirn.net, although probe.cirn.net itself does not resolve. And these probes show no sign of stopping!
Pathfinder
Grafter
Posts: 406
Registered: 31-07-2007

Constantly being "probed"...

Looking on the web others have shown various ***-probe.cirn.net entries in their web stats and logs. Example - http://www.dslreports.com/forum/remark,9444665

Nothing to worry about I say, it should just die out.

Did you ever run or still run a blog? I used to and got loads of strange hits from stats servers and the like. Two years on I still see some of them!
Teatime
Grafter
Posts: 61
Registered: 05-04-2007

Constantly being "probed"...

Thanks for the URL. No, I have never run any blogs or suchlike. I went away on holiday for 3 weeks... came back.. and these probes started. Maybe I'll just go on holiday again and hope they disappear too Smiley For now, I'll pretend not to see them Smiley
Eserim
Rising Star
Posts: 376
Thanks: 17
Registered: 01-08-2007

Constantly being "probed"...

although it is from a variety of IP addresses in that range it still could be from a single PC on a none fixed IP address package like our BB+ - getting a different IP each time the PC is switched on.

All my logs currently show the only blocked IPs are all Plus Net users! Sad