The RIPE NCC whois server is running on a machine that happens to have this address on it's ethernet interface (check sh$ host whois.ripe.net). And it also happens to be in the public part of the RIPE NCC's network in Amsterdam, in the very same subnet that has www.ripe.net and ftp.ripe.net in it. The other stuff: 1.geotrace is bloody wrong about this address being in the gulf of guinea, it's in amsterdam. don't question this again. period. 2.It is not a satelite connection, see the latency change from the previous hop (Amsterdam1.ripe.net) to it, less than one milisecond. 3. 'this ip has occupied the mail server of my provider, and knows when I\'m online' is a speculation based on no real information. Please be correct at least in the data that you provide. It would be interesting if you tell us what exactly worries you about this ip address. Eventually paste a packet dump of the packets that you worry about. Regards, Boyan Krosnov, CCIE#8701 http://boyan.ludost.net/ Just another techie speaking for himself > -----Original Message----- > From: * [mailto:ctino.schmitt@t-online.de]=20 > Sent: Saturday, August 17, 2002 12:06 PM > To: Paul Bryan; security-discuss@linuxsecurity.com > Subject: Re: OT: certain ip ??? >=20 >=20 >=20 >=20 > Hello Paul, >=20 > Already checked it with whois weeks ago. > I know this feature with whois . . . > you can do it from xterm too, with: > whois <ip-address> or > whois <website> >=20 > Its strange that it runs over Amsterdam and then is > ending in the gulf of guinea (check out with program > geotrace; available on sourceforge.net) > This is not my provider, who usually should administrate > my e-mail account . . . (?!) >=20 > > whois.ripe.net > > ripe looks after European IP addresses. > >=20 > > What to you mean by "occupied the email-server"? >=20 > I mean, my provider is not behind this e-mail-server > any more with his ip-addresses . . . > instead it is diverted over Amsterdam leading to gulf of guinea > with 193.0.0.135 ???? >=20 > =20 > > Paul. > > On Sat, 17 Aug 2002 18:24, * wrote: > > > Hello dear Linuxers, > > > > > > Sorry for this Off Topic question, but will not do it often. > > > Does anybody know what is behind 193.0.0.135 ??? > > > Is this a satellite or something else ? > > > > > > I tried to trace it back a bit, and it ends in the gulf of guinea. > > > (with geotrace) > > > > > > It seems that this ip has occupied the e-mail server at=20 > my provider > > > and knows each time, when I am online and when not . . .=20 > though this > > > ip-addy is not my provider . . . > > > > > > I checked anything through. There is no trojan or rootkit=20 > on my puter. > > > > > > nmap in order to try to find out, who is behind , fails,=20 > cause it is > > > filtered. > > > > > > This striking ip-addy was not there in the beginning. In=20 > the beginning > > > were only the ip-addies of my provider. One day this=20 > striking one popped > > > up continually, after checking with whois . . . trying to=20 > spoof and to > > > hide behind the provider addies . . . > > > > > > For feedback tuvm. > > > Tino. > > > > > >=20 > -------------------------------------------------------------- > ---------- > > > To unsubscribe email=20 > security-discuss-request@linuxsecurity.com > > > with "unsubscribe" in the subject of the message. > >=20 > > - --=20 > > Paul Bryan > > E-Mail: pa_bryan@yahoo.co.uk > >=20 > > PGP Key > > = http://www.keyserver.net:11371/pks/lookup?op=3Dget&search=3D0xB1D405DA > >=20 > > I distrust a close-mouthed man. He generally picks the=20 > wrong time to talk > > and says the wrong things. Talking's something you can't=20 > do judiciously, > > unless you keep in practice. Now, sir, we'll talk if you=20 > like. I'll tell > > you right out, I'm a man who likes talking to a man who=20 > likes to talk. > > -- Sidney Greenstreet, "The Maltese Falcon" > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.0.6 (GNU/Linux) > > Comment: For info see http://www.gnupg.org > >=20 > > iD8DBQE9Xgys3qGyTLHUBdoRAhvJAKDBZ5HANues1N1pjvy1aAM2cGhoiwCggKOx > > 6sWuI7xnOLgwBrtd5+bztuQ=3D > > =3DAA0/ > > -----END PGP SIGNATURE----- >=20 >=20 > -------------------------------------------------------------- > ---------- > To unsubscribe email security-discuss-request@linuxsecurity.com > with "unsubscribe" in the subject of the message. >=20 >=20 ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.