bulkniffum at iinet.net.au
Sun Jan 11 19:01:30 WST 2009
I tried nslookup to resolve the ip address, I didn't know about dig -x..
I thought it may be a dodgy host because i would expect that a non
dodgy host would have created a reverse lookup that i could just nslookup.
Trend is installed on this pc so that would be why. I was about to
add that ip address to my already huge hosts.deny
At 05:52 PM 11/01/2009, you wrote:
>it seems that the IP address is hosted in Japan.
>whois tells me
>inetnum: 126.96.36.199 - 188.8.131.52
>descr: Japan Network Information Center
>role: Japan Network Information Center
>address: Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
>address: Chiyoda-ku, Tokyo 101-0047, Japan
>and a reverse DNS tells me that trendmicro are using the specific IP.
>dig -x 184.108.40.206
>; <<>> DiG 9.3.4-P1 <<>> -x 220.127.116.11
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26411
>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>;; QUESTION SECTION:
>;18.104.22.168.in-addr.arpa. IN PTR
>;; AUTHORITY SECTION:
>70.150.in-addr.arpa. 3600 IN SOA
>tmns1.trendmicro.com. dnsadmin.trendmicro.com. 55 60 600 86400 3600
>;; Query time: 1058 msec
>;; SERVER: 10.1.1.100#53(10.1.1.100)
>;; WHEN: Sun Jan 11 17:40:17 2009
>;; MSG SIZE rcvd: 108
>Not knowing your set up: is it possible you have the trendmicro
>antivirus software installed and that this is using a remote service
>to check websites for malicious code or what ever on the website?
>My dealings with Trendmicro is that their products are pretty good
>so I don't think that it is a dodgy remote host.
More information about the plug