Author Topic: Firewall been warning me about attempts to connect from an IP address in Ca.  (Read 2201 times)

Ron

  • friends
  • Senior Member
  • ***
  • Posts: 10,882
  • Like a tree planted by the rivers of water
    • What I believe ...
192.168.0.4


whois:
http://www.networksolutions.com/whois/results.jsp?ip=192.168.0.4

It's popping up so frequently I'm about ready to click the "Don't show this dialog again" box.

I'm just curious as to who or what is trying to connect to my system all of a sudden.

Is this all the info that can be gleaned from just an IP?

This doesn't tell me where the attempt is really originating.
« Last Edit: December 25, 2009, 01:14:39 PM by Ron »
For the invisible things of him since the creation of the world are clearly seen, being perceived through the things that are made, even his everlasting power and divinity, that they may be without excuse. Because knowing God, they didn’t glorify him as God, and didn’t give thanks, but became vain in their reasoning, and their senseless heart was darkened. Professing themselves to be wise, they became fools.

RocketMan

  • Mad Rocket Scientist
  • friend
  • Senior Member
  • ***
  • Posts: 13,660
  • Semper Fidelis
That address is in a range reserved for private, internal networks that are not directly connected to the Internet.  It is not the address of a computer or a site on the Internet.  Instead, an internal network normally connects to the Internet via a router.
That explains your Whois results. The Internet Assigned Numbers Authority, or IANA, is the organization that is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources.
In all likelihood, your router or another device on your network is trying to send you an alert message of some type.
Try pinging the address, or type it into your browser address bar and see if the configuration page of a device on your network comes up.

« Last Edit: December 25, 2009, 01:34:22 PM by RocketMan »
If there really was intelligent life on other planets, we'd be sending them foreign aid.

Conservatives see George Orwell's "1984" as a cautionary tale.  Progressives view it as a "how to" manual.

My wife often says to me, "You are evil and must be destroyed." She may be right.

Liberals believe one should never let reason, logic and facts get in the way of a good emotional argument.

Ron

Thanks RocketMan.

Nothing comes up when I paste it into the browser and pinging it fails to give me any info.

I'm ignoring it, no way I'm letting it through the firewall without more info.


GigaBuist

  • friends
  • Senior Member
  • ***
  • Posts: 4,345
    • http://www.justinbuist.org/blog/
Might be a good idea to see what device actually has that IP.  Usually logging into your router will let you see a list of devices attached to it w/ their IP address, MAC address, and hostname if available.

I'd wager it's entirely legit but it could also be indicative of a machine that's got a worm on it.

tyme

  • expat
  • friend
  • Senior Member
  • ***
  • Posts: 1,056
  • Did you know that dolphins are just gay sharks?
    • TFL Library
Since you seem to have no idea what else on your network has that IP, try this:

a) if 192.168.0.4 answers pings, try unplugging other devices on your network until the ping responses stop.

b) http://nmap.org/dist/nmap-5.10BETA2-setup.exe  (sorry for direct-linking to an executable; you can use the download page but it's not the best-organized webpage in the world)

run zenmap, type 192.168.0.4 into the targets box, and see what it says... particularly the OS details, seen 2/3 of the way down in this screenshot:



Echoing GigaBuist's comments, I would urge you to track it down, rather than ignoring it.  It's unusual for one computer on a local network to trip the Windows firewall of another computer without human direction.  Since you haven't enumerated what else is on the same home network, and explicitly ruled those devices out, there may be unmaintained computers, or embedded devices, that may have been hacked.

(As you may have gathered, whois is not a good way to find out where an IP is physically located.  It gives information about the person or organization that registered the IP, but does not give information about where that IP is routed.  There are geoip databases for that purpose.  For instance, http://www.maxmind.com/  http://www.geoiptool.com/  )
« Last Edit: December 25, 2009, 03:54:11 PM by tyme »
Support Range Voting.
End Software Patents

"Four people are dead.  There isn't time to talk to the police."  --Sherlock (BBC)

Ron

This is my home computer, there is a wireless router for a PC laptop used in the house also. I use Comcast.

I ran zenmap and came up with this.

Quote
Starting Nmap 5.10BETA2 ( http://nmap.org ) at 2009-12-25 15:24 Central Standard Time
Nmap wishes you a merry Christmas! Specify -sX for Xmas Scan (http://nmap.org/book/man-port-scanning-techniques.html).
NSE: Loaded 36 scripts for scanning.
Initiating ARP Ping Scan at 15:24
Scanning 192.168.0.4 [1 port]
Completed ARP Ping Scan at 15:24, 0.17s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:24
Completed Parallel DNS resolution of 1 host. at 15:24, 0.06s elapsed
Initiating SYN Stealth Scan at 15:24
Scanning 192.168.0.4 [1000 ports]
SYN Stealth Scan Timing: About 38.00% done; ETC: 15:26 (0:00:51 remaining)
Completed SYN Stealth Scan at 15:26, 81.09s elapsed (1000 total ports)
Initiating Service scan at 15:26
Initiating OS detection (try #1) against 192.168.0.4
Retrying OS detection (try #2) against 192.168.0.4
NSE: Script scanning 192.168.0.4.
NSE: Script Scanning completed.
Nmap scan report for 192.168.0.4
Host is up (0.078s latency).
All 1000 scanned ports on 192.168.0.4 are filtered
MAC Address: 00:17:F2:4E:EF:8E (Apple Computer)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

HOP RTT      ADDRESS
1   78.00 ms 192.168.0.4

Read data files from: C:\Program Files\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 94.06 seconds
           Raw packets sent: 2049 (94.714KB) | Rcvd: 1 (42B)
« Last Edit: December 25, 2009, 04:36:27 PM by Ron »

tyme

Quote
MAC Address: 00:17:F2:4E:EF:8E (Apple Computer)

Is the laptop a Mac?  If so, that's probably the source.  Is that possible?  Was it on during the firewall alerts?

Is it possible that someone else is (ab)using your wireless network?  In that case, the mystery IP could be anyone within hundreds of feet.  Maybe thousands if they have a directional antenna.
« Last Edit: December 25, 2009, 06:34:15 PM by tyme »
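
Added example, not part of any post in this thread: the two checks the replies above walk through, done in code. It classifies the alert's source address (a private address has no useful whois or geoip record) and pulls the identifying fields out of an Nmap report. The function names `address_scope` and `triage` are hypothetical, and the embedded sample is constructed from lines of the report quoted above.

```python
import ipaddress
import re

# Constructed sample: the identifying lines of the Nmap report quoted in the thread.
SAMPLE_REPORT = """\
Nmap scan report for 192.168.0.4
Host is up (0.078s latency).
All 1000 scanned ports on 192.168.0.4 are filtered
MAC Address: 00:17:F2:4E:EF:8E (Apple Computer)
Network Distance: 1 hop
"""

def address_scope(ip):
    """Classify an alert's source address; only 'public' is worth a whois or geoip lookup."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:          # checked before is_private, which also covers it
        return "link-local"
    if addr.is_private:
        return "private"
    return "public"

def triage(report):
    """Extract what identifies a LAN device from the text of an Nmap report."""
    host = re.search(r"^Nmap scan report for (?:\S+ \()?([0-9A-Fa-f.:]+)\)?$", report, re.M)
    mac = re.search(r"^MAC Address: ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})(?: \((.*)\))?$",
                    report, re.M)
    out = {"ip": None, "scope": None, "mac": None, "oui": None, "vendor": None,
           "randomized_mac": None, "all_filtered": False}
    if host:
        out["ip"] = host.group(1)
        out["scope"] = address_scope(out["ip"])
    if mac:
        # Nmap reports a MAC only for hosts on the scanner's own local segment,
        # so this line alone says the device is on the same LAN.
        out["mac"] = mac.group(1).upper()
        out["oui"] = out["mac"][:8]          # first 3 octets: IEEE vendor prefix
        out["vendor"] = mac.group(2)
        # Locally-administered bit set => software-chosen MAC, vendor tells you nothing.
        out["randomized_mac"] = bool(int(out["mac"][:2], 16) & 0x02)
    out["all_filtered"] = bool(
        re.search(r"^All \d+ scanned ports on \S+ are filtered", report, re.M))
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key:15} {value}")
```

The MAC and its vendor prefix are what to match against the router's attached-device list; an all-filtered result means the device's own firewall dropped the probes, which is why OS detection had nothing to work with.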

Ron

Quote
Is the laptop a Mac?  If so, that's probably the source.

My sister is staying with me at my house; she has a PC laptop, BUT her boyfriend's laptop is a Mac and he is over all the time, including today.

Mystery solved!

Thanks for the info and the neat IP program.

I used to use the application that came with McAfee that could trace IPs. Since I've been using all free VP, firewall etc... I've missed having that app.
« Last Edit: December 25, 2009, 06:28:59 PM by Ron »

roo_ster

  • Kakistocracy--It's What's For Dinner.
  • friend
  • Senior Member
  • ***
  • Posts: 21,225
  • Hoist the black flag, and begin slitting throats
Obviously BF is trying to hack your network from the inside.

Best policy is to wait beside the door with a baseball bat until he comes through, and then kneecap him.  Make sure the bat is aluminum and holler out, "Ping this, MF!" when you take out his first kneecap.

HTH.
Regards,

roo_ster

“Fallacies do not cease to be fallacies because they become fashions.”
----G.K. Chesterton

Ron

Quote
Obviously BF is trying to hack your network from the inside.

Best policy is to wait beside the door with a baseball bat until he comes through, and then kneecap him.  Make sure the bat is aluminum and holler out, "Ping this, MF!" when you take out his first kneecap.

HTH.

Dude, that's not going to happen!

He's a butcher and a chef, I've been eating 5 Star meals at home for the last two months  :laugh:

Zardozimo Oprah Bannedalas

  • Webley Juggler
  • friend
  • Senior Member
  • ***
  • Posts: 4,415
  • All I got is a fistful of shekels
Quote
Dude, that's not going to happen!

He's a butcher and a chef, I've been eating 5 Star meals at home for the last two months  :laugh:

Better take a hair sample to a chemist, and ask if there are abnormal levels of arsenic in it.  :P

AJ Dual

  • friends
  • Senior Member
  • ***
  • Posts: 16,162
  • Shoe Ballistics Inc.
His laptop is just trying to automatically connect to the address of your PC, but on his own local network that uses 192.168.XXX.XXX addresses, that address might be a network printer, his router etc. Could be a printer driver monitor, antivirus software trying to update itself, etc.

Or he does have malware infesting his Apple and it's sniffing about for other machines on the local subnet.

I promise not to duck.

roo_ster

Quote
Dude, that's not going to happen!

He's a butcher and a chef, I've been eating 5 Star meals at home for the last two months  :laugh:

Hmm, that sounds bad.  He's likely a cannibal and fattening you up for the slaughter.  Remove any fava beans from your residence, pronto.

I suggest following the same advice I gave you above, but shouting instead, "You were going to serve me up as the entrée, were you?!  Well how do you like these just desserts, gimpy-boy?"

Regards,

roo_ster
