Just updated and 207.217.120.83 is connecting to my computer using port 53

Discussion in 'other firewalls' started by jflores, May 21, 2005.

Thread Status:
Not open for further replies.
  1. jflores

    jflores Registered Member

    Joined:
    May 21, 2005
    Posts:
    2
    Does anyone know this fixed IP address? Since I updated my version this afternoon, I've been receiving unwanted communications from IP 207.217.120.83 using port 53. Firewall says "very risky" and recommends that I block it.

    Can anyone tell me if they know this IP or if they have experienced this also?

    Thanks!
     
  2. Arup

    Arup Guest

    Checking IP: 207.217.120.83...
    Name: rns3.earthlink.net
    IP: 207.217.120.83
    Domain: earthlink.net

    Querying whois.crsnic.net:43 for earthlink.net...
    >>Error: 10054, connection closed by remote side<<

    Querying whois.arin.net:43 for 207.217.120.83...

    OrgName: EarthLink Network, Inc.
    OrgID: ERTH
    Address: 1375 PEACHTREE ST, LEVEL A
    City: ATLANTA
    StateProv: GA
    PostalCode: 30309
    Country: US

    NetRange: 207.217.0.0 - 207.217.255.255
    CIDR: 207.217.0.0/16
    NetName: EARTHLINK-CIDR
    NetHandle: NET-207-217-0-0-1
    Parent: NET-207-0-0-0-0
    NetType: Direct Allocation
    NameServer: DNS1.EARTHLINK.NET
    NameServer: DNS2.EARTHLINK.NET
    NameServer: DNS3.EARTHLINK.NET
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 1996-10-04
    Updated: 2001-10-09

    TechHandle: DAE4-ARIN
    TechName: Domain Administrator, Administrator
    TechPhone: +1-404-815-0770
    TechEmail: mailto:arinpoc@corp.earthlink.net

    OrgAbuseHandle: ABUSE60-ARIN
    OrgAbuseName: ABUSE TEAM
    OrgAbusePhone: +1-404-815-0770
    OrgAbuseEmail: mailto:abuse@abuse.earthlink.net

    OrgTechHandle: ELNK-ORG-ARIN
    OrgTechName: EarthLink, Inc.
    OrgTechPhone: +1-404-815-0770
    OrgTechEmail: mailto:arin_tech@lists.corp.earthlink.net

    # ARIN WHOIS database, last updated 2005-05-20 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    Here is what I got from WHOIS, most likely it looks like a webhost or ISP.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Welcome to the forum Jflores,

    Is your ISP Earthlink? If so, then this traffic is very likely legitimate and even necessary - port 53 is used for DNS which is how applications lookup an IP address for a domain name (e.g. wilderssecurity.com has the IP address 64.91.226.241) which has to be done in order to make a connection anywhere.

    The address you gave was for rns3.earthlink.net so if this is one of your DNS servers (opening a command prompt window, typing ipconfig /all and checking the DNS servers addresses listed there would confirm this) then your firewall was raising a false alarm.
     
  4. jflores

    jflores Registered Member

    Joined:
    May 21, 2005
    Posts:
    2
    Thanks for you replies, Arup and Paranoid.
     
Loading...
Thread Status:
Not open for further replies.