This is kind of spooky

I updated my blocklist yesterday all was well,

I checked my running log this morning and noticed the same ip being blocked over and over, at twice per second intervals. I used PC Flank to see who the IP belonged to, it belongs to the "Internet Corporation for Assigned Names and Numbers."

The spooky part is the block for the IP I looked up was "reserved for special purposes" even spookier it stopped broadcasting to me after I used PC Flack to look it up then almost five minutes later it started again.

I have been leaning away from using JAP, TOR and other type of proxy service because I believe it makes you a bigger target than you were without them these days. However I sure do not like some unknown entity trying to stick its nose where it does not belong so I maybe changing my opinion real quick.

 

It sounds quite likely that the IP address was one used for private networks (as defined in RFC 1918 - Address Allocation for Private Internets). Such addreses will be used by companies and ISPs for their internal networks, not for systems on the Internet itself.

These addresses are listed as belonging to IANA for administrative convenience (in reality they are used in countless private networks so listing every "owner" would be impractical) - the "intrusion attempt" is most likely coming from another user at your ISP, not Big Brother.

As for JAP/Tor users attracting more attention, the better solution is to use them all the time and to encourage others to do so too. Then it becomes harder for the powers-that-be to pick out individual users from the crowd. Without such software, it is trivial for your ISP to keep a log of every website you visit and note every term you use in a search engine (e.g. searches in Google return URLs like http://www.google.com/search?q=goat+pr0n).

 

Yes it is RFC 1918,

I know that they are being blocked and I should not worry about it but it still annoys me so just to be safe I think I will install JAP today or subscribe to a private security service.

Here is a snippet of my log for the curious:

1:12:51 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:12:51 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:12:41 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:12:41 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:11:01 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:11:01 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:10:20 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:10:20 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:08:36 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:08:36 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:05:40 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:05:40 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:05:39 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:05:39 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:05:36 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana
1:05:35 PM 10.97.192.1 255.255.255.255 10.0.0.0-10.255.255.255#IANA - Private Use [RFC1918], A.D.Vision.Iana

 

Assuming those entries were coming from Outpost's Blockpost plugin, you may wish to investigate that address a bit more first. If it is your default gateway or DNS server (check by running ipconfig /all from a command prompt window) then it is almost surely legitimate traffic and you should not be blocking it.

Blockpost will block whatever you tell it to block and some of the blocklists available are very broad in what they cover (some include the JAP servers for instance, stopping you from using that service). It is therefore important to consider carefully which blocklists are appropriate - not just using every single one out there.

 

Oh for crap sake it is one of my ISP's servers, why would they hide it and not slap their name on it? I removed it from my blocklist and all is good.

I do toss every blocklist I can find in to my mix and then remove certain IP’s as needed to get on sites like Google for example that does get blocked in one of the lists. I figure the bigger the blanket the better.

Thanks for solving the mystery.

 

Private IP address ranges are intended for use for internal networks, thereby reducing demand for public IP addresses. This means that such an address is likely to be used by thousands (at least!) of locations so sites like DNSStuff cannot reasonably be expected to report this (indeed details of private addresses, like routing information, are not supposed to be sent out onto the Internet at all, to avoid confusing and contradictory information).

Doing a tracert on IP addresses should give a good idea of which ISP they belong to in many cases.

Blocking Google eh? Just disconnect your network cable - gives 100% security far more easily.