Security Threat?
I received this reply to a thread begun yesterday on DSL Zone forum. It was a reply to my question re Event Log - Thomson router:-
http://www.dslzoneuk.net/forum/viewtopic.php?p=58831#58831
"Posted: Yesterday at 15:31
Well the IP your machine was scanning appears to be a normal ISP customer in the US
Search results for: 69.41.249.131
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 1333 North Stemmons Freeway
Address: Suite 110
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US
ReferralServer: rwhois://rwhois.theplanet.com:4321
NetRange: 69.41.224.0 - 69.41.255.255
CIDR: 69.41.224.0/19
NetName: NETBLK-THEPLANET-BLK-6
NetHandle: NET-69-41-224-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.THEPLANET.COM
NameServer: NS2.THEPLANET.COM
Comment:
RegDate: 2003-04-24
Updated: 2003-11-19
RTechHandle: PP46-ARIN
RTechName: Pathos, Peter
RTechPhone: +1-214-782-7800
RTechEmail: ***
OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-214-782-7802
OrgAbuseEmail: ***
OrgNOCHandle: TECHN33-ARIN
OrgNOCName: Technical Support
OrgNOCPhone: +1-214-782-7800
OrgNOCEmail: ***
OrgTechHandle: TECHN33-ARIN
OrgTechName: Technical Support
OrgTechPhone: +1-214-782-7800
OrgTechEmail: ***
# ARIN WHOIS database, last updated 2007-08-27 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
All very strange."
I have not had any dealings with The Planet.com. As my computer was switched off at the time, I was not browsing.
Anyone any ideas? Should I be worried or report this?
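An added example, not part of the thread: a small parser for the ARIN WHOIS reply quoted in the post above, used to confirm that the logged address falls inside the listed allocation, to pull the abuse contact handle for a report, and to separate public addresses from private LAN ones such as 192.168.1.64 and 192.168.1.2. The function names `parse_whois` and `triage` and the trimmed sample record are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Trimmed copy of the WHOIS reply quoted in the post above (sample input).
SAMPLE_WHOIS = """\
OrgName: ThePlanet.com Internet Services, Inc.
Address: 1333 North Stemmons Freeway
Address: Suite 110
NetRange: 69.41.224.0 - 69.41.255.255
CIDR: 69.41.224.0/19
Comment:
OrgAbuseHandle: ABUSE271-ARIN
# ARIN WHOIS database, last updated 2007-08-27 19:10
"""

def parse_whois(text):
    """Parse 'Key: value' lines; repeated keys (Address, NameServer) accumulate."""
    fields = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if value.strip():                      # skip empty fields such as "Comment:"
            fields[key.strip()].append(value.strip())
    return dict(fields)

def triage(ip_text, whois_text):
    """Classify an address seen in a router log against a WHOIS record."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_private:
        # RFC 1918 space never appears in public WHOIS: the device is on the local LAN.
        return {"ip": ip_text, "scope": "private-lan"}
    rec = parse_whois(whois_text)
    net = ipaddress.ip_network(rec["CIDR"][0])
    first, last = (ipaddress.ip_address(p.strip()) for p in rec["NetRange"][0].split(" - "))
    return {
        "ip": ip_text,
        "scope": "public",
        "in_allocation": ip in net,
        # NetRange and CIDR should describe the same block; a mismatch means a bad paste.
        "record_consistent": (first, last) == (net[0], net[-1]),
        "org": rec["OrgName"][0],
        "abuse_handle": rec.get("OrgAbuseHandle", [None])[0],
    }

if __name__ == "__main__":
    for addr in ("69.41.249.131", "192.168.1.64", "192.168.1.2"):
        print(triage(addr, SAMPLE_WHOIS))
```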
Ok, I shan't insult your intelligence but I have a couple of questions to ask you.
1) Do you ever use www.auran.com? - If so, that's the server with the IP you pasted. - It's not a residential customer, it's a server reseller company in the US.
2) There were two IPs and you said you only have a single computer, did you enable the wireless on the router? - It's possible the connections are being made from another PC/laptop near you using your wireless without your knowledge.
It would be worth double checking the wireless has a password on it, or is disabled if you won't be using it.
Gargoyle
29/08/2007, 17:41
I'd concentrate on checking that your machine is ok.
From the other thread it appears that something on 192.168.1.64 on your network is doing the scan the router picked up. I assume that, since you've only got one machine connected, that is the IP address assigned to it by the router.
1. You say the machine was turned off at the time. That doesn't make any sense. Are you sure that the router's time is set correctly?
2. Do you have a software firewall installed on the PC? This will tell you what on your machine is trying to 'call out'. ZoneAlarm still has a free version, but I'd really like it.
You can get a 30 trial of Agnitum Outpost, which I've just installed here to keep on BBC iPlayer.
Though it's a bit annoyingly intrusive at times. But mostly OK once it's all set up and used to things.
Gargoyle
29/08/2007, 17:47
2) There were two IPs and you said you only have a single computer, did you enable the wireless on the router? - It's possible the connections are being made from another PC/laptop near you using your wireless without your knowledge.
IIRC OP is using a st545 - no wireless.
Hmm, the other IP address is 192.168.1.2 - apparently another internal IP address, but not AIUI one that would be allocated by DHCP on the Speedtouch in default setup. Bit odd.
Ess1, are these sort of entries appearing in the logs?
Ah yes, I beg your pardon, I read kwikbreaks post.
Interesting then ... how .2 turned up in there ...
Thank you all for looking into this and taking the time to reply.
chaz - Yes I have Auran's Train Simulator.
Gargoyle - What I meant re machine being turned off was that the computer was off although router was left connected. I have Kaspersky Internet Security and have checked reports but nothing showed.
I have, this afternoon, replaced my router for that which I originally ordered (was sent a 545 in error). Checked logs:-
Warning 00:03:25 (since last boot) PPP link up (Internet) [xx.xx.xx.] Edit 30/8/07
Info 00:03:24 (since last boot) PPP CHAP Chap receive success : authentication ok
Info 00:03:24 (since last boot) PPP CHAP Receive challenge (rhost = p.dsl)
Info 00:03:21 (since last boot) PPP CHAP Receive challenge (rhost = ERX22.Sheffield4)
Info 00:03:20 (since last boot) xDSL linestate up (downstream: 8096 kbit/s, upstream: 448 kbit/s; output Power Down: 17.5 dBm, Up: 12.0 dBm; line Attenuation Down: 14.0 dB, Up: 7.0 dB; snr Margin Down: 13.0 dB, Up: 22.0 dB)
Info 00:03:03 (since last boot) CONFIGURATION saved after running Embedded Setup Wizard (user.tpl deduced from pppdef.tpl.gz)
Warning 00:03:02 (since last boot) DHCS server up
Info 00:03:02 (since last boot) FIREWALL event (1 of 26): created rules
Info 00:03:02 (since last boot) FIREWALL level changed to Standard.
Info 00:03:02 (since last boot) xDSL linestate down
Info 00:03:00 (since last boot) FIREWALL event (1 of 13): enabled rules
Warning 00:02:59 (since last boot) DHCS server went down
Info 00:03:00 (since last boot) FIREWALL event (1 of 1): deleted rules
Info 00:02:59 (since last boot) FIREWALL event (1 of 51): modified rules
Info 00:02:57 (since last boot) FIREWALL event (1 of 1): disabled rules
Info 00:00:49 (since last boot) LOGIN User Administrator logged in on [HTTP] (from 192.168.1.64)
Info 00:00:27 (since last boot) xDSL linestate up (downstream: 8096 kbit/s, upstream: 448 kbit/s; output Power Down: 17.5 dBm, Up: 12.0 dBm; line Attenuation Down: 14.0 dB, Up: 7.0 dB; snr Margin Down: 13.0 dB, Up: 22.0 dB)
Warning 00:00:09 (since last boot) DHCS server up
Info 00:00:09 (since last boot) FIREWALL level changed to Standard.
Info 00:00:08 (since last boot) FIREWALL event (1 of 1): enabled rules
Warning 00:00:01 (since last boot) KERNEL Cold restart
Info 00:00:01 (since last boot) FIREWALL event (1 of 1): modified rules
Info 00:00:02 (since last boot) FIREWALL event (1 of 1): created rules
Alright, the use of the train simulator explains the connections to 69.41.249.131 (ThePlanet) so you needn't worry about that any longer.
Which router have you received now?
Thomson ST546 v6.
Best,
Sellick
Hi ess1
Have sent you a pm .....
Many thanks. Have replied.
:)