| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Retired Forums
Forum: The New Members Forum [Read Only]
Thread: Since I joined I get Portscans from IBM Almaden |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 32
|
|
| Author |
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
i dont see any answers.
this is not only poor but strange. tom |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Well, there was a post from Rick Alther. But as we checked our log files, only a few people were getting those signals, and MNTechnoGuy recorded them back in October, so we decided that whatever it was, it was not connected with the Grid. Most likely it is just someone spoofing an IBM address.
|
|||
|
||||
|
deltavee
Ace Cruncher Texas Hill Country Joined: Nov 17, 2004 Post Count: 4848 Status: Offline Project Badges: 
|
I've gotten five scans from these guys just today. Maybe it is just a coincidence, but it started the day I joined the WCG.
----------------------------------------Intrusion detected and blocked. All communication with 129.33.82.50 will be blocked for 30 minutes. OrgID: IARC CustName: IBM Almaden Research Center Street: 3039 Cornwallis Rd. City: Research Triangle Park StateProv: NC Country: US RegDate: 1989-06-22 Updated: 2001-01-30 NetHandle: NET-129-33-0-0-1 OrgID: IARC Parent: NET-129-0-0-0-0 NetName: IBM-ALMADEN NetRange: 129.33.0.0 - 129.33.255.255 NetType: assignment RegDate: 1989-06-22 Updated: 2001-01-30 NameServer: NS1.RALEIGH.USF.IBM.COM NameServer: NS2.RALEIGH.USF.IBM.COM TechHandle: ZI22-ARIN TechHandle: ZI22-ARIN TechName: IBM Corporation TechPhone: +1-607-755-3809 TechEmail: noc@ibm.com  [Edit 2 times, last edit by deltavee at Dec 5, 2004 11:35:49 PM] |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
I just checked my logs. I deleted them back in November after looking for this activity and not finding it. Again, they look normal so I, at least, am not a 'person of interest'. Sounds ominous, doesn't it? [Big Grin]
|
|||
|
||||
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Hi lawrence,
Well, there was a post from Rick Alther. Yes. I saw. But as we checked our log files, only a few people were getting those signals, and MNTechnoGuy recorded them back in October, so we decided that whatever it was, it was not connected with the Grid. Most likely it is just someone spoofing an IBM address. Maybe MNTechnoGuy is wrong. Maybe, the Problem is not yet checked. I dont think this is a spoofed IBM IP, because this scan is some very special sort of scan. However, i dont see a security problem but after 2 results for Heise Team Germany i will now wait for an official answer (until i join back to this project _after_ that answer). tom |
||
|
|
Alther
Former World Community Grid Tech United States of America Joined: Sep 30, 2004 Post Count: 414 Status: Offline Project Badges: 
|
These traceroutes are indeed coming from IBM. They happen whenever someone downloads any significant data from an IBM hosting center. Since IBM uses multiple ISPs, they're done to find the most efficient route to the client to improve throughput. This is why some people noticed these before joining World Community Grid.
----------------------------------------They are using software from Route Science (http://www.routescience.com/), if you want to know more. Bottom line, traceroutes are harmless and, in this case, useful for getting the data to you efficently. Hope this clears up this little mystery. We'll be adding this to our network FAQ for future reference.
Rick Alther
----------------------------------------Former World Community Grid Developer [Edit 1 times, last edit by Alther at Dec 6, 2004 11:22:26 PM] |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
A good anwer. Now I have to assume that they already knew the most efficient route to my ISP and so did nt bombard me. I always run into puzzles like this when I get dragged into network problems.
|
|||
|
||||
|
deltavee
Ace Cruncher Texas Hill Country Joined: Nov 17, 2004 Post Count: 4848 Status: Offline Project Badges:
|
Thank you for the info. I'm glad to hear it's benign.
---------------------------------------- |
||
|
|
Viktors
Former World Community Grid Tech Joined: Sep 20, 2004 Post Count: 653 Status: Offline Project Badges: 
|
Some users have noticed, via their software firewall, that trace-route scans apparently coming from IBM domains occur after communicating with the World Community Grid server. These are in fact normal and not someone trying to break into your machine. These are used to measure which of several paths through the Internet give the best communication performance to your machine. The servers are located in a massive hosting center, which regularly optimizes traffic between users and the servers by shifting communications among several Internet providers, depending on the destination and trace-route measurements. You can read more about this at http://www.routescience.com/ .
|
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
good informations. thank you all.
tom |
||
|
|
|