Just updated and 207.217.120.83 is connecting to my computer using port 53

Does anyone know this fixed IP address? Since I updated my version this afternoon, I've been receiving unwanted communications from IP 207.217.120.83 using port 53. Firewall says "very risky" and recommends that I block it.

Can anyone tell me if they know this IP or if they have experienced this also?

Thanks!

 

Checking IP: 207.217.120.83...
Name: rns3.earthlink.net
IP: 207.217.120.83
Domain: earthlink.net

Querying whois.crsnic.net:43 for earthlink.net...
>>Error: 10054, connection closed by remote side<<

Querying whois.arin.net:43 for 207.217.120.83...

OrgName: EarthLink Network, Inc.
OrgID: ERTH
Address: 1375 PEACHTREE ST, LEVEL A
City: ATLANTA
StateProv: GA
PostalCode: 30309
Country: US

NetRange: 207.217.0.0 - 207.217.255.255
CIDR: 207.217.0.0/16
NetName: EARTHLINK-CIDR
NetHandle: NET-207-217-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.EARTHLINK.NET
NameServer: DNS2.EARTHLINK.NET
NameServer: DNS3.EARTHLINK.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1996-10-04
Updated: 2001-10-09

TechHandle: DAE4-ARIN
TechName: Domain Administrator, Administrator
TechPhone: +1-404-815-0770
TechEmail: mailto:arinpoc@corp.earthlink.net

OrgAbuseHandle: ABUSE60-ARIN
OrgAbuseName: ABUSE TEAM
OrgAbusePhone: +1-404-815-0770
OrgAbuseEmail: mailto:abuse@abuse.earthlink.net

OrgTechHandle: ELNK-ORG-ARIN
OrgTechName: EarthLink, Inc.
OrgTechPhone: +1-404-815-0770
OrgTechEmail: mailto:arin_tech@lists.corp.earthlink.net

# ARIN WHOIS database, last updated 2005-05-20 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Here is what I got from WHOIS, most likely it looks like a webhost or ISP.

 

Welcome to the forum Jflores,

Is your ISP Earthlink? If so, then this traffic is very likely legitimate and even necessary - port 53 is used for DNS which is how applications lookup an IP address for a domain name (e.g. wilderssecurity.com has the IP address 64.91.226.241) which has to be done in order to make a connection anywhere.

The address you gave was for rns3.earthlink.net so if this is one of your DNS servers (opening a command prompt window, typing ipconfig /all and checking the DNS servers addresses listed there would confirm this) then your firewall was raising a false alarm.

 

Thanks for you replies, Arup and Paranoid.