U.S. CitiesCity-Data Forum Index
Go Back   City-Data Forum > General Forums > Science and Technology > Internet
 [Register]
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
View detailed profile (Advanced) or search
site with Google Custom Search

Search Forums  (Advanced)
Reply Start New Thread
 
Old 10-14-2011, 08:07 PM
 
11,581 posts, read 11,580,690 times
Reputation: 3719

Advertisements

I get this little window with that message from my antivirus program several times a day. I know the nature of how someone is scanning my computer to look for a port to trying to get inside, but the remote IP is always the same: 192.168.1.254. I assume the local IP is me; that is also always the same but it bugs me that it appears the exact same person is trying to access my computer dozens of times a week. I googled the IP and could not find anything useful on it. Is this a malicious attack by a lone hacker or is it something like a business, maybe even my own server trying to contact me in a benign way? Thanks for any input that can help me understand what's going on.
Reply With Quote Quick reply to this message

 
Old 10-14-2011, 08:17 PM
 
15,924 posts, read 17,646,573 times
Reputation: 7645
192.168.1.x is usually your local router or another system connected to your router.

What type of network do you have at home, how many systems?

Wanna play it safe? Change your routers admin password.
Reply With Quote Quick reply to this message
 
Old 10-14-2011, 08:36 PM
 
11,581 posts, read 11,580,690 times
Reputation: 3719
Quote:
Originally Posted by plwhit View Post
192.168.1.x is usually your local router or another system connected to your router.

What type of network do you have at home, how many systems?

Wanna play it safe? Change your routers admin password.
Thanks for the info, plwhit. My server is SBC. I only have one system far as I know that is wired and wireless using a standard SBC modem. I don't know how to change a router's admin password--I'm not even aware if I have one or not. I have a password that SBC asks me to give if I want to talk about my account with them. Is that the router password you're referring to? And why would my own local router be trying to access my computer?
Reply With Quote Quick reply to this message
 
Old 10-14-2011, 09:27 PM
 
15,924 posts, read 17,646,573 times
Reputation: 7645
SBC server?

Sorry, am not familiar with SBC hardware...
Reply With Quote Quick reply to this message
 
Old 10-14-2011, 10:54 PM
 
16,308 posts, read 25,260,164 times
Reputation: 8302
Do you have a router, or is your computer connected directly to the modem?
If you have a router, is the wireless secure, or disabled it not needed, it may be a neighbor connecting to your wireless.

DSL or cable?

192.168.x.x is a private address range and not allowed on the internet. However based on how your ISP is configured it may be another subscriber, or a board tech at the ISP. I know that some DSL subscribers are assigned a private IP by the ISP, specifically AT&T in this case.

If you have a router, you should be immune from any port probes from everything except perhaps wireless that has been left open or has been compromised, which is easy if you are using WEP to secure it.

Searches will not find the IP assigned to anyone as a private IP, it is not assigned by the IANA, it is reserved for use in private networks, such as behind a router at home.
Reply With Quote Quick reply to this message
 
Old 10-14-2011, 11:29 PM
 
11,581 posts, read 11,580,690 times
Reputation: 3719
Quote:
Originally Posted by Asheville Native View Post
Do you have a router, or is your computer connected directly to the modem?
If you have a router, is the wireless secure, or disabled it not needed, it may be a neighbor connecting to your wireless. DSL or cable?
Thank you, Ashville. My computer is connected directly to the modem---no router. It is DSL connected by cable, but we do have wireless capability built into the modem. When you say 192.168 is a private address range does that mean it is used specifically by individuals like me and never businesses? And when you say it is not allowed on the internet, does that mean that the people using it are on the internet illegally in some way?

I get my internet through SBC and my bill comes form AT&T so I assume SBC is AT&T. Whether I have a private IP I don't know. As i don't have a router I rely on my antivirus to stop the attacks. If it is a private IP and is not supposed to be on the internet then I assume these people are trying to probe me illegally. Would that be a fair assumption? Why don't they get the fact that my antivirus keeps stopping then and will continue to do so? Why don't they just move on to the next victim?

PS I NEVER use wireless.



192.168.x.x is a private address range and not allowed on the internet. However based on how your ISP is configured it may be another subscriber, or a board tech at the ISP. I know that some DSL subscribers are assigned a private IP by the ISP, specifically AT&T in this case.

If you have a router, you should be immune from any port probes from everything except perhaps wireless that has been left open or has been compromised, which is easy if you are using WEP to secure it.

Searches will not find the IP assigned to anyone as a private IP, it is not assigned by the IANA, it is reserved for use in private networks, such as behind a router at home.[/quote]
Reply With Quote Quick reply to this message
 
Old 10-15-2011, 02:08 PM
 
Location: HoCo, MD
4,581 posts, read 8,192,327 times
Reputation: 5113
Private IPs are designated address pools that are used for private networks. Meaning they're simply used for networking home or businesses systems. These address are not used on the "public facing" internet. It has nothing to do with legality, just how the internet protocols are configured (backbone/Internet exchange routers on the Internet won't even route packets from those addresses). Compare it to internal phone extensions.

Whether or not this is your private home network will depend on how the network was designed. However, since you mentioned that your "modem" has wireless. Its most likely that its a router as well. So I would guess that it is your home network, and the device that is using the address 192.168.1.254 is most likely on the local network. This is just a guess based on the info provided....

Is your wireless network on (regardless if you're using it, it can still be on)? If so, someone may have just hopped on there gave themselves that address and started to scan the network. Also, what A/V program are you using? I'm guessing its also an HIDS as most A/V's by themselves will not detect port scans.

You definitely want to have admin access to your router. At the very least, you can turn off the wireless if you don't use it. But it also may provide additional info to who maybe connected to your network (if that is the case). Another option would be to use nmap to get a quick visualization of your network.
Reply With Quote Quick reply to this message
 
Old 10-15-2011, 03:31 PM
 
16,308 posts, read 25,260,164 times
Reputation: 8302
Post the make and model number on what you are calling the modem that was provided by your provider. That will give us a better idea how to help.
Reply With Quote Quick reply to this message
 
Old 10-16-2011, 12:32 AM
 
11,581 posts, read 11,580,690 times
Reputation: 3719
Quote:
Originally Posted by macroy View Post
Private IPs are designated address pools that are used for private networks. Meaning they're simply used for networking home or businesses systems. These address are not used on the "public facing" internet. It has nothing to do with legality, just how the internet protocols are configured (backbone/Internet exchange routers on the Internet won't even route packets from those addresses). Compare it to internal phone extensions.

Whether or not this is your private home network will depend on how the network was designed. However, since you mentioned that your "modem" has wireless. Its most likely that its a router as well. So I would guess that it is your home network, and the device that is using the address 192.168.1.254 is most likely on the local network. This is just a guess based on the info provided....

Is your wireless network on (regardless if you're using it, it can still be on)? If so, someone may have just hopped on there gave themselves that address and started to scan the network. Also, what A/V program are you using? I'm guessing its also an HIDS as most A/V's by themselves will not detect port scans.

You definitely want to have admin access to your router. At the very least, you can turn off the wireless if you don't use it. But it also may provide additional info to who maybe connected to your network (if that is the case). Another option would be to use nmap to get a quick visualization of your network.
Thanks for the detailed info, macroy. Most of what you say about public-facing internet and such is above my level of comprehension, but my a/v is kaspersky. It is top-of-the-line so I assume it is doing a right job of protecting me. We leave the wireless on just for convenience's sake, so I guess I'm running a risk with that. It's a trade-off, I suppose.

Ashville, my modem is a gateway but I can't read the model info---it's badly scratched from abuse. I really should ask SBC to send me another one because it's badly out-of-date.
Reply With Quote Quick reply to this message
 
Old 10-16-2011, 10:51 AM
 
16,308 posts, read 25,260,164 times
Reputation: 8302
Does it look like this?
http://www.gearxs.com/gearxs/images/31NEFGZHPBL._SS400.jpg (broken link)

If so, here is information that might help. Product Support Search - Pace

If your provider has set a password on the device blocking your ability to secure your wireless, DEMAND they give it to you so that you can secure your wireless to protect yourself from people connecting without your permission.
Reply With Quote Quick reply to this message
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.

Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.


Reply
Please update this thread with any new information or opinions. This open thread is still read by thousands of people, so we encourage all additional points of view.

Quick Reply
Message:

Over $104,000 in prizes was already given out to active posters on our forum and additional giveaways are planned!

Go Back   City-Data Forum > General Forums > Science and Technology > Internet
Follow City-Data.com founder on our Forum or

All times are GMT -6. The time now is 05:04 AM.

© 2005-2019, Advameg, Inc. · Please obey Forum Rules · Terms of Use and Privacy Policy · Bug Bounty

City-Data.com - Archive 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35 - Top