dav1492 | |
| 2005-12-13 17:34 - Respuestas: 2 - Tema nº: 2403588
Hola,
Tengo un Acer Aspire 1603LC, Pentium 4 2.66 GHz, Windows XP Home y contratada una línea Internet con Telefónica.
En el Personal Firewall Plus de McAfee me salen constantemente eventos de intento de acceso a algún puerto que son detenidos por el cortafuegos.
Los intentos provienen de servidores de Telefónica y la dirección IP de origen cambia cada vez.
¿Es esto normal? ¿O se trata de un ataque?
Si lo rastreo, me sale en "vista de personas registradas" esto:
Domain Name................ rima-tde.net
Creation Date............ 14/09/2001
Expiry Date.............. 14/09/2006
Last Update Date......... 09/02/2004
Organization Contact Id.... PROP-1052-00039049
Organization Name........ TELEFONICA, S.A.
Organization Org......... TELEFONICA, S.A.
Organization Street...... GRAN VIA, 28
Organization City........ MADRID
Organization State....... MADRID
Organization PC.......... 28013
Organization Country..... ES
Organization Phone....... +34.915844680
Organization e-mail...... propiedad.industrial@telefonica.es
Administrative Contact Id.. 1052-00136019
Administrative Name...... JUAN GRAGERA GALLARDO
Administrative Org....... TELEFONICA S.A.
Administrative Street.... GRAN VIA 28
Administrative City...... MADRID
Administrative State..... MADRID
Administrative PC........ E-28013
Administrative Country... ES
Administrative Phone..... +34.91.584.46.80
Administrative Fax....... +34.91.584.46.89
Administrative e-mail.... propiedad.industrial@telefonica.es
Technical Contact Id....... 1052-00122052
Technical Name........... DOMAIN MANAGER
Technical Org............ *
Technical Street......... NULL NULL
Technical City........... NULL
Technical State.......... NULL
Technical PC............. NULL
Technical Country........ ES
Technical Phone.......... +34.914138956
Technical Fax............ +34.910000000
Technical e-mail......... TECNICO.DOMINIOS@TELEFONICA.ES
Domain servers in listed order:
Name Server............. RSDMNO1-06.RIMA-TDE.NET
Name Server............. RSDBET1-06.RIMA-TDE.NET
Interdomain's WHOIS database is provided by Interdomain for information
purposes only, proving information about or related to a domain name
registration record.
Interdomain makes this information available as is, and does not guarantee
its accuracy.
By submitting a WHOIS query, you agree that you will use this data only for
lawful purposes and that, under no circumstances will you use this data to:
(1) allow, enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via direct mail, electronic mail, or
by telephone; or (2) enable high volume, automated, electronic processes that
apply to Interdomain (or its systems). The compilation, repackaging,
dissemination or other use of this data is expressly prohibited without the
prior written consent of Interdomain.
Interdomain reserves the right to terminate your access to the Interdomain's
WHOIS database in its sole discretion, including without limitation, for excessive
querying of the WHOIS database or for failure to otherwise abide by this policy.
Interdomain reserves the right to modify these terms at any time. By
submitting this query, you agree to abide by these terms.
NOTE: THE WHOIS DATABASE IS A CONTACT DATABASE ONLY. LACK OF A DOMAIN RECORD
DOES NOT SIGNIFY DOMAIN AVAILABILITY.
y en "vista de red" esto:
This is the RIPE Whois query server 1.
The objects are in RPSL format.
Note: the default output of the RIPE Whois server
is changed. Your tools may need to be adjusted. See
http://www.ripe.net/db/news/abuse-proposal-20050331.html
for more details.
Rights restricted by copyright.
See http://www.ripe.net/db/copyright.html
Note: This output has been filtered.
To receive output for a database update, use the -B flag.
Information related to '81.40.0.0 - 81.43.86.255'
inetnum: 81.40.0.0 - 81.43.86.255
netname: RIMA
descr: Telefonica de Espana SAU
descr: Red de servicios IP
descr: Spain
country: ES
admin-c: LJP5-RIPE
tech-c: FLT14-RIPE
status: ASSIGNED PA
remarks: ***************************************************
remarks: For ABUSE/SPAM/INTRUSION issues
remarks: PLEASE CONTACT ONLY THROUGH LINK
remarks: http://www.telefonicaonline.com/nemesys/
remarks: or send mail to nemesys@telefonica.es
remarks: any mail to adminis.ripe@telefonica.es will be ignored
remarks: ***************************************************
mnt-by: MAINT-TdE
source: RIPE Filtered
person: L Jimenez
address: TELEFONICA DE ESPANA
address: Emilio Vargas, 4
address: 28043-MADRID
address: SPAIN
phone: +34 91 5846497
fax-no: +34 91 5842650
e-mail: adminis.ripe@telefonica.es
nic-hdl: LJP5-RIPE
mnt-by: MAINT-TdE
remarks: ***************************************************
remarks: For ABUSE/SPAM/INTRUSION issues
remarks: PLEASE CONTACT THROUGH LINK
remarks: http://www.telefonicaonline.com/nemesys/
remarks: or send mail to nemesys@telefonica.es
remarks: any mail to adminis.ripe@telefonica.es will be ignored
remarks: ***************************************************
source: RIPE Filtered
person: Francisco Lorenzo de Tuero
address: TELEFONICA DE ESPANA
address: Emilio Vargas, 4
address: 28043-MADRID
address: SPAIN
phone: +34 91 5194446
fax-no: +34 91 5846936
remarks: ***************************************************
remarks: For ABUSE/SPAM/INTRUSION issues
remarks: PLEASE CONTACT THROUGH LINK
remarks: http://www.telefonicaonline.com/nemesys/
remarks: or send mail to nemesys@telefonica.es
remarks: any mail to adminis.ripe@telefonica.es will be ignored
remarks: ***************************************************
e-mail: francisco.lorenzodetuero@telefonica.es
nic-hdl: FLT14-RIPE
mnt-by: MAINT-TdE
source: RIPE Filtered
Information related to '81.40.0.0/16AS3352'
route: 81.40.0.0/16
descr: RIMA (Red IP Multi Acceso)
origin: AS3352
mnt-by: MAINT-AS3352
source: RIPE Filtered
| |
|
|
zur777 | |
|
Re: Intento de acceso a puerto - 2005-12-13 18:45 - Respuesta 2
Aupa peña:
Mira dav1492, no te puedo ayudar por que no he utilizado el Firewall de McAfee aunque creo que alguna vez si que me ha tocado ver, avisos de Firewall y al comprobar la direccion ip, ver que es el Dns de la conexion de red. No le di mucha inportancia, por que supuse que era cuestion de protocolos y de el nivel de seguridad que tenia configurado.
De todas formas el whois es la leche, solo falta que nos den el numero de cuenta bancaria del administrador de Telefonica.
Un saludo | |
|
|
pelones | |
|
Re: Intento de acceso a puerto - 2005-12-21 14:42 - Respuesta 3
Me pasa lo mismo, y estoy arta no se que hacer, ni qué quiere decir tanto ataque. Alquien puede dar alguna explicación por favor. | |
|
|
|