Old 04-07-2004, 08:51 PM   #1 (permalink)
ArcticFox
How do I find out info on an IP address (whois)?

I'm currently getting molested by random computers on strange ports, and would like to find out more info on these people trying to get into my pr0n stash (it's notoriously huge....everyone wants access j/k). Anyways 52 alerts....wait 56....61.....you get the point. I believe some of them *may* be coming from the laptop connected to our DSL modem through USB, but I can't be sure as it's not a PC I can see what IP it uses.

Here at ResellerRatings SocalGal and friends seem to rack up a tonne of info on people, and some is through IP addresses. Others make posts asking why such and such is accessing my comps on weird ports. How do you get this data on what ISP they are on/where they live etc? Whois? Not sure how to use that, it isn't a DOS command.

BTW - please don't go on about "oh you're just being a paranoid goat", when I'm at 96 alerts and counting and no other computer is on my network, I get a little concerned as they are coming from all different IP addresses. No antivirus installed here, I'm stuck on an AMD K6-2 300-something and need all the resources I can get until I get back to my non-sucky PC in a couple days.

Old 04-07-2004, 08:53 PM   #2 (permalink)
Guest
http://www.dslreports.com/whois
Old 04-07-2004, 08:57 PM   #3 (permalink)
ArcticFox
Cool beans, thanks dog.

Is there any program to, um, run a mass search since I'm up at 134 alerts right now? Just curious, I have nothing better to do.

Oops 136........138.....
Old 04-07-2004, 09:01 PM   #4 (permalink)
Guest
A lot of people like this program

http://www.visualware.com/personal/p...ute/index.html
Old 04-07-2004, 09:20 PM   #5 (permalink)
Guest
What ports are they hitting?
Old 04-07-2004, 09:25 PM   #6 (permalink)
VHockey86
Although it's annoying, this kind of stuff is quite common....
Like GZ3 said, ports can give you some hints.
Things like 135-139 tend to be very common for random worm scans and a plethora of other "attacks" (I believe this is b/c they are NetBIOS ports but I'm not sure).

P2P clients are also going to cause you to get massive incoming connections, especially networks with mandatory sharing like Overnet.

Using a spam-attractive browser such as IE will also cause this, not to mention many many websites send out a scan to see what browser/operating system everyone is using that visits their site and logs this on the server.

Since I reinstalled Windows about 6 months ago ZoneAlarm has over 17000 blocked "attacks" with 300 being "high rated".

To be perfectly honest I wouldn't worry about it, especially since they are being blocked anyways (hence their detection).
Old 04-07-2004, 09:26 PM   #7 (permalink)
yclyde
Some v.good help here. Depends on what you are looking for.

http://www.atelierweb.com/iploc/index.htm
Old 04-07-2004, 09:40 PM   #8 (permalink)
ArcticFox
Well what's interesting is some are coming from the ports you mentioned (i.e. 135), but others, 6882? 445? Anyways since my first post 345 alerts, wait 347, have been counted.

Also I've seen this happening before: someone installs ZoneAlarm on one of their PCs, and wonders why 80,000 requests to connect are coming from the same IP address. It's other comps on your LAN, doofus, run IPConfig on a couple of your comps and I'll prove it to you. I know, I've had it too, but I'm almost always behind a Netgear wireless router with NAT so I leave my ZoneAlarm firewalls off for compatibility's sake.
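Added example, not part of any post in this thread: a Python sketch of the "mass search" asked about above, which groups blocked-connection alerts by source, separates LAN machines from outside hosts, labels the ports named in the thread, and lists which addresses are worth a whois lookup. The log line layout and the sample addresses are constructed assumptions, and `whois.arin.net` is only the default registry server (other regions use other registries).

```python
import ipaddress
import re
import socket

# Constructed sample alerts; the "SRC -> :PORT" layout is an assumed export
# format, not ZoneAlarm's real log syntax. Addresses are documentation ranges.
SAMPLE_ALERTS = """\
2004/04/07 20:51:02 BLOCKED TCP 198.51.100.23 -> :135
2004/04/07 20:51:09 BLOCKED TCP 203.0.113.77 -> :445
2004/04/07 20:51:15 BLOCKED TCP 192.168.0.12 -> :139
2004/04/07 20:51:20 BLOCKED TCP 198.51.100.23 -> :135
2004/04/07 20:51:31 BLOCKED TCP 203.0.113.5 -> :6882
2004/04/07 20:51:40 BLOCKED UDP 192.168.0.12 -> :137
"""

LINE_RE = re.compile(r"(?:TCP|UDP) (\d+\.\d+\.\d+\.\d+) -> :(\d+)")
# RFC 1918, link-local and loopback: sources that are on your own network.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]
PORT_HINTS = [(135, 135, "MS RPC endpoint mapper"), (137, 139, "NetBIOS"),
              (445, 445, "SMB"), (6881, 6889, "BitTorrent default range")]

def port_hint(port):
    return next((h for lo, hi, h in PORT_HINTS if lo <= port <= hi), "unknown")

def triage(log_text):
    """Return {source_ip: {"lan": bool, "hits": int, "ports": {port: hint}}}."""
    out = {}
    for src, port in LINE_RE.findall(log_text):
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:          # e.g. 999.1.1.1 in a damaged log line
            continue
        entry = out.setdefault(src, {
            "lan": any(addr in n for n in LAN_NETS), "hits": 0, "ports": {}})
        entry["hits"] += 1
        entry["ports"][int(port)] = port_hint(int(port))
    return out

def whois_targets(report):
    """Non-LAN sources only, busiest first; LAN hosts need ipconfig, not whois."""
    pub = [(ip, e["hits"]) for ip, e in report.items() if not e["lan"]]
    return [ip for ip, _ in sorted(pub, key=lambda t: (-t[1], t[0]))]

def whois(ip, server="whois.arin.net"):
    """RFC 3912 lookup: send the address plus CRLF to TCP 43, read until close."""
    with socket.create_connection((server, 43), timeout=10) as s:
        s.sendall(ip.encode() + b"\r\n")
        return b"".join(iter(lambda: s.recv(4096), b"")).decode(errors="replace")
```

Calling `whois(ip)` for each entry of `whois_targets(triage(log))` performs the bulk lookup; pause between queries, since registries rate-limit whois.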
Old 04-07-2004, 09:59 PM   #10 (permalink)
ArcticFox
Good links. I'm not really worried, it's those poor saps that don't know they have trojans/worms on their comps and are innocently propagating evil throughout the world.