Hi guys,
Tried logging into my online game account for lineage2 tonight, and it kept freezing up in game.
Tried to get into IL-2 game, and it wouldn't load levels from remote servers.
Into the old Vigor Router and NAT sessions and I have this one
So...that IP on the right takes me to a ropey looking foreign site that may be a web host.
ANd whays that port number? I don't recognise it?
Anyone help
Originally Posted by Advice Trinity by Knoxville
just thought....is that ME SENDING info ?
I've run housecall, and I'm clean.
turned off the PC in question for 5 minutes now and refreshed the NAT sessions list and it's still there....even though the PC is off. Allother sessions refresh everytime I hit the button.
Bit confused...though the Lineage 2 main website is dog slow too.
based on what you posted Zak the first thing I would ask is if you have uPNP enabled? I'm not familiar with which model you have, but the ports don't seem to be any standard services.
Also a quick shufty points me to http://www.dnsstuff.com/tools/whois.ch?ip=213.215.67.3
something in Slovakia by the looks.
NAT = Network Address Translation = you 'hiding' your network behind the firewall (e.g. all outgoing packets get the source address switched to the external IP of the firewall and when the packets come back the firewall matches the packets back up and forwards them onto the original IP)... So yes - that could well be you. "Private IP" and "Peer IP" is a strange way of putting it - not quite sure whether 213.215.67.3 is your external IP or the thing you're connecting to. If you connect to a known host and port but do a DNS lookup first it would be easier to make sense of it (or just check your external IP on your router) - e.g.
nslookup <hostname>
Well that sorts one of my questions out...
used DNS STuff myself, but dont recognise the site.
uPnP is not active.
Powered down my router for 5 minutes and then back up....
who ever it is...is gone for now.
And Lineage worked straight away.
The domain name for that ip is
Domain Name: SENICANET.NET
Your not running an email server at home are you??
no chap.....no server here.
dya think I was being used as a host? thought I was invulnerable with a good router?
assuming you dont have any DMZ settings in place or inbound port mappings then you should be reasonabley safe
Get hold of a copy of Activeports and see what program is using it
I assume .11 is your machine ?
http://www.download.com/3000-2085-10...age&tag=button <-- link for active ports
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
That port is not a standard registered port:
http://en.wikipedia.org/wiki/List_of...P_port_numbers
So, it is probably a under-the-table application.
Looks like the dynamic NAT table in the router got unhappy, hence a reset fixed it (and resolved the Lineage connectivity issue).
It would appear to be an outbound connection from port 1110 from your machine, translated to source port 46725 on your router, destined to port 1698 on the remote IP.
If the packet were inbound it would require a port mapping from 46725 to 192.168.1.11:1110 which sounds highly unlikely and I guess you would have recognised it
TCP/UDP port 1698 is RSVP encapsulation, effectively another routing protocol - it's defined in a few places such as here, here, here and here.
You're never "invulnerable" while you have access to & from the Internet mate - but this wouldn't alarm me.
Might be worth checking for a firmware update for the router - or if you just applied one maybe it could have introduced a NAT bug.
~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3
http://www.auditmypc.com/port/tcp-port-1698.asp
Port Number: 1698
TCP / UDP: TCP
Delivery: Yes
Protocol / Name: rsvp-encap-1
Port Description: RSVP-ENCAPSULATION-1
Virus / Trojan: No
Seems fine by the look of it
Unless your system have any unknown traffic going through or weird processes it shouldn't be a problem.
Workstation 1: Intel i7 950 @ 3.8Ghz / X58 / 12GB DDR3-1600 / HD4870 512MB / Antec P180
Workstation 2: Intel C2Q Q9550 @ 3.6Ghz / X38 / 4GB DDR2-800 / 8400GS 512MB / Open Air
Workstation 3: Intel Xeon X3350 @ 3.2Ghz / P35 / 4GB DDR2-800 / HD4770 512MB / Shuttle SP35P2
HTPC: AMD Athlon X4 620 @ 2.6Ghz / 780G / 4GB DDR2-1000 / Antec Mini P180 White
Mobile Workstation: Intel C2D T8300 @ 2.4Ghz / GM965 / 3GB DDR2-667 / DELL Inspiron 1525 / 6+6+9 Cell Battery
Display (Monitor): DELL Ultrasharp 2709W + DELL Ultrasharp 2001FP
Display (Projector): Epson TW-3500 1080p
Speakers: Creative Megaworks THX550 5.1
Headphones: Etymotic hf2 / Ultimate Ears Triple.fi 10 Pro
Storage: 8x2TB Hitachi @ DELL PERC 6/i RAID6 / 13TB Non-RAID Across 12 HDDs
Consoles: PS3 Slim 120GB / Xbox 360 Arcade 20GB / PS2
thanks guys,
As it was a ropey looking Email/Domain host I guess someone was trying to use me for a spoofed IP for spam.
Gone now, not returned since.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
