Help with identifying this

[Dillirium]

CLIENT29-41FD54:2095

OK. So This morning I had someone trying to brute force their way into some of our company's system. Normally if I encounter this issue I'll block the ip subnet and/or create ACL's accordingly. What in the heck is the above? I know it's connecting from port 2095 but that's obviously not an IP. What kind of identification is that? This was outputted via a nestat -a

Any thoughts? The security flaw is sealed now but still.....

 

[MikeTrike]

Could it be a host name on your network?

 

[koolaidkitten]

netbios name of a pc?

 

[Dillirium]

I can't see how it would be. One it's not connected to my network and 2 I don't see a DHCP entry for it. Unless some dude put a static IP on his personal computer and brought it inside.. connected.. tried to hack it for a while and quit... can't ping it .. nothing.on the arp table (now). I didn't try an ARP when I saw it coming across (stupid me).

 

[Dillirium]

/facepalm.... nevermind I'm being a f-tard. wrong parameters on my nestat

For those who may google this...

nestat -n

Changes everything into a numerical format to make life easier banning by subnet etc..

It's still a little strange because usually i see connections either in numerical format or with an actual domain.