A WHOIS search of the IP yields the following:
OrgName: Verizon Internet Services Inc.
OrgID: VRIS
Address: 1880 Campus Commons Dr
City: Reston
StateProv: VA
PostalCode: 20191
Country: US
NetRange: 173.64.0.0 - 173.79.255.255
CIDR: 173.64.0.0/12
NetName: VIS-BLOCK
NetHandle: NET-173-64-0-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.VERIZON.NET
NameServer: NS3.VERIZON.NET
NameServer: NS2.VERIZON.NET
NameServer: NS4.VERIZON.NET
NameServer: NS5.VERIZON.NET
NameServer: NS6.VERIZON.NET
Comment:
RegDate: 2008-08-11
Updated: 2009-10-14
OrgAbuseHandle: VISAB-ARIN
OrgAbuseName: VIS Abuse
OrgAbusePhone: +1-214-513-6711
OrgAbuseEmail: security@verizon.net
OrgTechHandle: ZV20-ARIN
OrgTechName: Verizon Internet Services
OrgTechPhone: 800-243-6994
OrgTechEmail: IPNMC@gnilink.net
# ARIN WHOIS database, last updated 2010-03-11 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
This IP range is Verizon's FIOS network, but I find it curious that all identifying information is "Unknown". The typical network gateway for a Class C network would be x.x.x.1, and a TraceRoute of assumed gateway 173.79.114.1 resolves to Hostname "L100.WASHDC-VFTTP-91.verizon-gni.net". A Google search of gni.net associates to "GNILINK.net", which discovers a company called MarkMonitor, an internet brand watching and fraud prevention security company.
Which I find a little odd...
My questions for you, Mr. Anonymous Visitor, are: "Who are you?", "Why do you keep coming back to THAT PARTICULAR post?", and "What is your goal in doing so?"
Is there a networking professional among my scant few readers who can shed some light on how a domain user can mask itself to prevent source location from providing backtracking information? If so, who are the most likely people to use such a mask?
I am getting more curious by the day on this one...
Pax,
Newbius
3 comments:
Very odd, indeed. In fact, lots of very odd things are going on these days, at the hands of the Feds.
Mobile devices usualy turn up with a lot of "unknowns". Satellite broadband users even turn up as "unknown country".
Personally, I think you're reading way too much into this.
(For example, 'way back when I first started blogging, I was getting hits from the Treasury Dep't's Office of Asset Forfeiture.
As it turns out, one of the guys I used to know from TFL had moved out East after graduating from Purdue and was doing contract programming for the Treas.)
Not to beat a dead horse, but if you were being scrutineered by "Them", they wouldn't be showing up in your site meter at all.
Tam,
I understand that, what with Einstein and Echelon and all that. I wouldn't expect an "official" scrutiny to arrive in my SiteMeter. They have other ways of monitoring "us subversives". ;)
I really DO find it curious that I am getting a lot of direct hits, from DC, on that post. Whether it is from an internet security firm, or a K-Street lobbyist, or just from someone with an extreme interest in tactical gear who doesn't know how to bookmark a page still remains to be seen.
I bring it up because my recent traffic has been heavy on Anonymous/Unknown Network and is well in excess of my normal daily hit counts. Normally, the Unknown Network-type hits amount to <2% of my count. Right now, they are up over 25%.
Since I am nowhere near as interesting as you are, it just makes me wonder why all of the attention, all-of-a-sudden. Now, if the hits from these IPs read the rest of the blog too, I wouldn't wonder quite as much. The pattern is off.
Right now I am curious, not worried.
Post a Comment