You do not want to allow this connection. Here is a summary of errant packets I've received recently. Some of this is probably
just typos, but there is some sneaky stuff in here too. You might notice that some of the scans use
a source port 80 to try and bypass firewalls. I've seen several scans that were done over a period
of time by what were obviously dynamic addresses. Anyway, take a look see. You never know what
felonies your friendly neighborhood hacker will commit next.
Last Updated: Thu Nov 23 22:47:01 EST 2006
It is not a safe request. Block it.
2006-11-23 14:06:13 · answer #1 · answered by Retrodvs 3 · 2⤊ 0⤋
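The triage that answer describes (grouping dropped packets by source, and spotting bare SYNs sent from source port 80) can be sketched as follows. This is an added example, not part of the original post; the sample lines are constructed in the same netfilter LOG format with RFC 5737 documentation addresses, and the function names and threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not from the original post); addresses are
# RFC 5737 documentation ranges.
SAMPLE_LOG = """\
SRC=198.51.100.7 DF PROTO=TCP SPT=1175 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
SRC=198.51.100.7 DF PROTO=TCP SPT=1301 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
SRC=198.51.100.7 DF PROTO=TCP SPT=1315 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
SRC=203.0.113.9 DF PROTO=TCP SPT=80 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
SRC=203.0.113.9 DF PROTO=TCP SPT=80 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0
SRC=192.0.2.44 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
truncated line without fields
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Return the KEY=value fields plus the set of TCP flags, or None."""
    fields = dict(FIELD.findall(line))
    if not fields.keys() >= {"SRC", "SPT", "DPT"}:
        return None  # malformed or truncated entry
    fields["FLAGS"] = TCP_FLAGS & set(line.split())
    return fields

def summarize(log_text, repeat_threshold=3):
    """Group logged packets by source and tag the two patterns discussed."""
    hits = defaultdict(Counter)   # SRC -> Counter of destination ports
    syn_from_80 = set()           # sources sending a bare SYN *from* port 80
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        hits[pkt["SRC"]][int(pkt["DPT"])] += 1
        # A real web reply from port 80 carries SYN+ACK or ACK, never SYN alone.
        if pkt["FLAGS"] == {"SYN"} and pkt["SPT"] == "80":
            syn_from_80.add(pkt["SRC"])
    findings = {}
    for src, ports in hits.items():
        tags = []
        if ports[25] >= repeat_threshold:
            tags.append("repeated SMTP attempts")
        if src in syn_from_80:
            tags.append("SYN from source port 80")
        findings[src] = {"ports": dict(ports), "tags": tags}
    return findings

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info["ports"], ", ".join(info["tags"]) or "no pattern")
```

A stateful rule set that accepts inbound traffic only for established connections drops both patterns regardless of the source port chosen.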
Yes, it is a worm; here is the IP info. Do Not let it in!!!!!
[ ISP Organization Information ]
Org Name : Korea Telecom
Service Name : KORNET
Org Address : Jungja-dong, Bundang-gu, Sungnam-ci
Org Detail Address: 206
[ ISP IP Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-3674-5708
E-Mail : **@krnic.kornet.net
[ ISP IP Tech Contact Information ]
Name : IP Manager
Phone : +82-2-3674-5708
E-mail : **@krnic.kornet.net
[ ISP Network Abuse Contact Information ]
Name : Network Abuse
Phone : +82-2-100-0000
E-mail : *****@kornet.net
2006-11-23 14:05:06 · answer #2 · answered by Anonymous · 0⤊ 0⤋
That IP is in Korea and is a portable IP address, so it could be used by several people again and again. I would not let it in.
inetnum: 222.96.0.0 - 222.122.255.255
netname: KORNET
descr: KOREA TELECOM
descr: Network Management Center
country: KR
admin-c: DL248-AP
tech-c: GK40-AP
remarks: ***********************************************
remarks: KRNIC of NIDA is the National Internet Registry
remarks: in Korea under APNIC. If you would like to
remarks: find assignment information in detail
remarks: please refer to the NIDA Whois DB
remarks: http://whois.nida.or.kr/english/index.html
remarks: ***********************************************
status: Allocated Portable
mnt-by: MNT-KRNIC-AP
changed: hm-changed@apnic.net 20031027
changed: hm-changed@apnic.net 20041007
source: APNIC
person: Dong-Joo Lee
address: 128-9 Yeong-Dong Jongro-Ku Seoul
address: Network Management Center
country: KR
phone: +82-2-766-1407
fax-no: +82-2-766-6008
e-mail: ip@krnic.kornet.net
e-mail: abuse@kornet.net
nic-hdl: DL248-AP
mnt-by: MAINT-NEW
changed: hostmaster@nic.or.kr 20061010
source: APNIC
person: Gyung-Jun Kim
address: KORNET
address: 128-9, Yeong-Dong, Jongro-Ku
address: SEOUL
address: 110-763
country: KR
phone: +82-2-747-9213
fax-no: +82-2-3673-5452
e-mail: ip@krnic.kornet.net
e-mail: abuse@kornet.net
nic-hdl: GK40-AP
mnt-by: MNT-KRNIC-AP
changed: hostmaster@nic.or.kr 20061009
source: APNIC
2006-11-23 14:04:52 · answer #3 · answered by thewirelessguy999 3 · 0⤊ 0⤋
Type it into your address bar, and find out!
Just omit the port number.
Go on then.
lol
Download Neotrace, it will tell you where in the world it came from, who the Internet provider is, their IP address, sometimes their e-mail address.
Happy Hunting.
2006-11-23 14:03:45 · answer #4 · answered by tattie_herbert 6 · 0⤊ 0⤋
If you look up that IP address on the web, it's listed as a spammer, so I wouldn't allow it access. If you're not sure of anything, don't permit it access.
2006-11-23 14:04:23 · answer #5 · answered by Anonymous · 0⤊ 0⤋
Go to this site:
http://www.networksolutions.com/whois/index.jsp
You can look up any IP address in the world, and it will give you all kinds of information about the IP address in question.
2006-11-23 14:06:24 · answer #6 · answered by Anonymous · 0⤊ 0⤋
That is one of a shame list of spammers trying to use any machine as an open relay. Deny it!!
2006-11-23 14:06:57 · answer #7 · answered by i_lyn_tek_i 4 · 1⤊ 0⤋
I think the site is www.dnsstuff.com, where you can check out IPs.
2006-11-23 14:04:01 · answer #8 · answered by Nerds Rule! 6 · 0⤊ 0⤋
If you don't know who it is, why permit it?
2006-11-23 14:03:51 · answer #9 · answered by willy 5 · 0⤊ 0⤋