Just updated and 207.217.120.83 is connecting to my computer using port 53

Discussion in 'other firewalls' started by jflores, May 21, 2005.

Thread Status:
Not open for further replies.
  1. jflores

    jflores Registered Member

    Joined:
    May 21, 2005
    Posts:
    2
    Does anyone know this fixed IP address? Since I updated my version this afternoon, I've been receiving unwanted communications from IP 207.217.120.83 using port 53. Firewall says "very risky" and recommends that I block it.

    Can anyone tell me if they know this IP or if they have experienced this also?

    Thanks!
     
  2. Arup

    Arup Guest

    Checking IP: 207.217.120.83...
    Name: rns3.earthlink.net
    IP: 207.217.120.83
    Domain: earthlink.net

    Querying whois.crsnic.net:43 for earthlink.net...
    >>Error: 10054, connection closed by remote side<<

    Querying whois.arin.net:43 for 207.217.120.83...

    OrgName: EarthLink Network, Inc.
    OrgID: ERTH
    Address: 1375 PEACHTREE ST, LEVEL A
    City: ATLANTA
    StateProv: GA
    PostalCode: 30309
    Country: US

    NetRange: 207.217.0.0 - 207.217.255.255
    CIDR: 207.217.0.0/16
    NetName: EARTHLINK-CIDR
    NetHandle: NET-207-217-0-0-1
    Parent: NET-207-0-0-0-0
    NetType: Direct Allocation
    NameServer: DNS1.EARTHLINK.NET
    NameServer: DNS2.EARTHLINK.NET
    NameServer: DNS3.EARTHLINK.NET
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 1996-10-04
    Updated: 2001-10-09

    TechHandle: DAE4-ARIN
    TechName: Domain Administrator, Administrator
    TechPhone: +1-404-815-0770
    TechEmail: mailto:arinpoc@corp.earthlink.net

    OrgAbuseHandle: ABUSE60-ARIN
    OrgAbuseName: ABUSE TEAM
    OrgAbusePhone: +1-404-815-0770
    OrgAbuseEmail: mailto:abuse@abuse.earthlink.net

    OrgTechHandle: ELNK-ORG-ARIN
    OrgTechName: EarthLink, Inc.
    OrgTechPhone: +1-404-815-0770
    OrgTechEmail: mailto:arin_tech@lists.corp.earthlink.net

    # ARIN WHOIS database, last updated 2005-05-20 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    Here is what I got from WHOIS, most likely it looks like a webhost or ISP.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Welcome to the forum Jflores,

    Is your ISP Earthlink? If so, then this traffic is very likely legitimate and even necessary - port 53 is used for DNS which is how applications lookup an IP address for a domain name (e.g. wilderssecurity.com has the IP address 64.91.226.241) which has to be done in order to make a connection anywhere.

    The address you gave was for rns3.earthlink.net so if this is one of your DNS servers (opening a command prompt window, typing ipconfig /all and checking the DNS servers addresses listed there would confirm this) then your firewall was raising a false alarm.
     
  4. jflores

    jflores Registered Member

    Joined:
    May 21, 2005
    Posts:
    2
    Thanks for you replies, Arup and Paranoid.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.