I just checked my router log and did a google search on the IP I found in my log. Code: Feb/01/2009 16:52:45 Drop ICMP packet from WAN 209.62.87.140:3 x.x.x.x:0 Rule: Default deny Feb/01/2009 16:52:45 Drop ICMP packet from WAN 209.62.87.140:3 x.x.x.x:0 Rule: Default deny Feb/01/2009 16:52:42 Drop ICMP packet from WAN 209.62.87.140:3 x.x.x.x:0 Rule: Default deny Feb/01/2009 16:52:42 Drop ICMP packet from WAN 209.62.87.140:3 x.x.x.x:0 Rule: Default deny Result from the whois command... Code: IP number: 209.62.87.140 (hevonen.afterdawn.net) Full whois information for IP number 209.62.87.140: OrgName: ThePlanet.com Internet Services, Inc. OrgID: TPCM Address: 315 Capitol Address: Suite 205 City: Houston StateProv: TX PostalCode: 77002 Country: US ReferralServer: rwhois://rwhois.theplanet.com:4321 Why is afterdawn.net sending packets to my IP address? Yes, I know this is afterdawn.com, but there is a script from afterdawn.net running on the forum that I am currently blocking because of this thru my FireFox extension, NoScript.
hevonen.afterdawn.net is the RDNS name for our image server (i.afterdawn.com, same one that serves all the stylesheets and pictures on our site) that also serves our site's JavaScript libraries. You're blocking the JS script that allows you to close/open the sidebar "hub"/topic menu. Pretty much all our servers' RDNS names (the name you get when you tracert them back) are using the .afterdawn.net scope.
Hi, hevonen.afterdawn.net is our image server. The ICMP packets your firewall has blocked are completely harmless. Our firewall sends ICMP 3 (destination unreachable, packet filtered) response in case the client tries to connect to an unauthorized port or an authorized port with wrong type of packet. In your case the Web browser you are using probably sent TCP FIN packages to an already closed connection, which caused our firewall to block those. Since there isn't really need to block such packages, I have adjusted the firewall so that unnecessary "packet filtered" responses are no longer sent. You should not see similar messages in your logs. Thank you for reporting your concern. =) Jari
I appreciate the replies from the staff. I'm only concerned because I have recently noticed a lot of similar activity in my router logs... a lot of which came from servers in China. Since my router logs have started showing a lot of this activity, my Netflix streaming has suffered. I can't watch a full show without it stating my connection speed has changed. I'm the only one using my broadband, so I know that nobody else is downloading through my connection.
are you running wireless? someone free loading on your connection? are you on a cable connection, or a dedicated line? also might want to make sure you don't have any spyware or maleware running on your pc. sounds fishy to me. but i can attest that this site is by all means harmless, if anything it is the safest forum on the net. mods, where is your hevonen.afterdawn.net image server located?
Most of our servers are located in Houston, TX - including the image server. We are currently experimenting with moving the images and CSS files to a content delivery network, so in some parts of the site (such as the discussion forums) a part of the images are loaded from the delivery network (cdn1-3.afterdawn.com).
