What’s with IP 194.59.120.11?


The traffic for our popular website that we analyze with FireGen contains quite a few connections from IP 194.59.120.11. While this doesn’t resolve to a domain name, it appears that it belongs to Deutsches Patentamt, the German Patent and Trade Mark Office (www.dpma.de). From the application-specific logs we can tell that it is not actually using the site, yet it is up there at the same level of traffic as various search engine crawlers (Yahoo, Google, etc.). To keep an eye on it, we added the IP to the “Monitored IP Addresses” list in FireGen so the next reports will tag any connections from this IP. In the meantime, we used the IP Forensics feature in FireGen (http://www.eventid.net/firegen/ipforensics_report.asp) to see what kind of traffic is generated by this IP. It turned out that every 5 seconds it makes an HTML request for the default page of www.eventid.net and nothing else, as if it were monitoring the availability of this website. We will keep an eye on it and, if necessary, block it at the firewall level.
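The pattern described above (one source, one URL, a fixed interval) can be picked out of request logs automatically. The following is an added example, not FireGen output or code from this site; the log line layout (`timestamp ip method path`), the function names, the thresholds and all sample lines other than the IP 194.59.120.11 and its 5-second interval are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def find_pollers(lines, min_hits=5, max_jitter=1.0):
    """Return {ip: (mean_interval_seconds, path)} for sources that request a
    single path at a near-constant interval (availability-monitor behaviour)."""
    hits = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, ip, _method, path = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        hits[ip].append((when, path))

    pollers = {}
    for ip, events in hits.items():
        if len(events) < min_hits:
            continue  # too few requests to call it a pattern
        events.sort()
        paths = {p for _, p in events}
        if len(paths) != 1:
            continue  # visitors and crawlers touch many URLs
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        # A low standard deviation of the gaps means a machine-like schedule.
        if mean(gaps) > 0 and pstdev(gaps) <= max_jitter:
            pollers[ip] = (round(mean(gaps), 1), paths.pop())
    return pollers


def build_sample():
    """Constructed log lines: one poller, one crawler, one irregular visitor."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)  # constructed start time
    stamp = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = [f"{stamp(5 * i)} 194.59.120.11 GET /" for i in range(8)]
    lines += [f"{stamp(5 * i)} 192.0.2.10 GET /page{i}.asp" for i in range(8)]
    lines += [f"{stamp(s)} 198.51.100.7 GET /" for s in (0, 3, 40, 41, 300, 900)]
    return lines


if __name__ == "__main__":
    print(find_pollers(build_sample()))
```

Only the fixed-interval, single-URL source is reported; the crawler-like source is excluded by its URL spread and the irregular visitor by its interval jitter.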
