|
Gumby
Fishnologist


Registered: 06/13/01
Posts: 26,656
|
Network gurus: need your help
#5616782 - 05/11/06 11:27 AM (17 years, 8 months ago) |
|
|
Alright, so I set up my router so that it would send me emails when it detected a "hack attempt." The emails never worked until I recently enabled IP passthrough on the DSL modem. IP passthrough is set up so that the modem gives the router the same IP that the router works, this way I can run FTP/http servers.
I checked my mail today and over the past 3 days I have gotten 1247 emails that say this, with the time/date varying:
Time: 05/10/2006, 07:44:46 Message: LAND Source: 72.145.231.69, 17555 Destination:72.145.231.69, 6663 (from WAN Inbound)
The port range on destination varies, but they're all in the 6660-6669 range. Do you think I picked up some kind of IRC Trojan? What do you recommend to find/remove it?
I have Symantec that updates daily, and it hasn't caught anything if I DO have a trojan.
|
eris
underground


Registered: 11/17/98
Posts: 48,024
Loc: North East, USA
Last seen: 4 months, 18 days
|
Re: Network gurus: need your help [Re: Gumby]
#5616809 - 05/11/06 11:33 AM (17 years, 8 months ago) |
|
|
I don't know what it is - looked up the IP and it came up with this.
IP Address : 72.145.231.69 [ adsl-145-231-69.asm.bellsouth.net ]
ISP : BellSouth.net
Organization : BellSouth.net
Location : US, United States
City : Lilburn, GA 30048
Latitude : 33°90'02" North
Longitude : 84°12'55" West

OrgName: BellSouth.net Inc.
OrgID: BELL
City: Atlanta
StateProv: GA
PostalCode: 30324
Country: US

ReferralServer: rwhois://rwhois.eng.bellsouth.net:4321

NetRange: 72.144.0.0 - 72.159.255.255
CIDR: 72.144.0.0/12
NetName: BELLSNET-BLK15
NetHandle: NET-72-144-0-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: NS.BELLSOUTH.NET
NameServer: NS.ATL.BELLSOUTH.NET
NameServer: NS.MIA.BELLSOUTH.NET
NameServer: NS.RDU.BELLSOUTH.NET
Comment:
Comment: For Abuse Issues, email abuse@bellsouth.net. NO ATTACHMENTS. Include IP
Comment: address, time/date, message header, and attack logs.
Comment: For Subpoena Request, email ipoperations@bellsouth.net with "SUBPOENA" in
Comment: the subject line. Law Enforcement Agencies ONLY, please.
RegDate: 2005-08-11
Updated: 2005-11-11

RAbuseHandle: ABUSE81-ARIN
RAbuseName: Abuse Group
RAbusePhone: +1-404-499-5224
RAbuseEmail: abuse@bellsouth.net

RTechHandle: JG726-ARIN
RTechName: Geurin, Joe
RTechPhone: +1-404-499-5240
RTechEmail: ipoperations@bellsouth.net

OrgAbuseHandle: ABUSE81-ARIN
OrgAbuseName: Abuse Group
OrgAbusePhone: +1-404-499-5224
OrgAbuseEmail: abuse@bellsouth.net

OrgTechHandle: JG726-ARIN
OrgTechName: Geurin, Joe
OrgTechPhone: +1-404-499-5240
OrgTechEmail: ipoperations@bellsouth.net

# ARIN WHOIS database, last updated 2006-05-10 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database
|
VoidOfsPg
Stranger

Registered: 05/09/05
Posts: 4,899
Loc: San Antonio, TX
|
Re: Network gurus: need your help [Re: Gumby]
#5616817 - 05/11/06 11:35 AM (17 years, 8 months ago) |
|
|
It's probably just a worm checking for vulnerabilities.
As long as your firewall is on, you don't have to worry.
Turn off the e-mail notification shit, that'll just annoy you.
|
Gumby
Fishnologist


Registered: 06/13/01
Posts: 26,656
|
Re: Network gurus: need your help [Re: eris]
#5616835 - 05/11/06 11:42 AM (17 years, 8 months ago) |
|
|
Yeah... that was an old IP of mine. It looks like it's originating from somewhere in the network and going back into the network? i r confused.
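
Added example, not part of the thread: a small Python parser for the alert format quoted in the first post. It checks the property that makes a packet a LAND packet (source address equal to destination address) and tallies the destination ports. The first sample line is the one from the post; the others, including the `OTHER` message label and the 192.0.2.x/198.51.100.x addresses, are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Alert format as quoted in the thread; note "Destination:" has no following space.
ALERT_RE = re.compile(
    r"Time:\s*(?P<ts>\d{2}/\d{2}/\d{4}, \d{2}:\d{2}:\d{2})\s+"
    r"Message:\s*(?P<msg>\S+)\s+"
    r"Source:\s*(?P<src>[\d.]+),\s*(?P<sport>\d+)\s+"
    r"Destination:\s*(?P<dst>[\d.]+),\s*(?P<dport>\d+)\s+"
    r"\(from (?P<iface>[^)]+)\)"
)

SAMPLE = [
    # Line quoted in the thread.
    "Time: 05/10/2006, 07:44:46 Message: LAND Source: 72.145.231.69, 17555 Destination:72.145.231.69, 6663 (from WAN Inbound)",
    # Constructed lines below (same format, invented times and ports).
    "Time: 05/10/2006, 07:44:51 Message: LAND Source: 72.145.231.69, 17556 Destination:72.145.231.69, 6667 (from WAN Inbound)",
    "Time: 05/10/2006, 07:45:02 Message: LAND Source: 72.145.231.69, 17560 Destination:72.145.231.69, 6663 (from WAN Inbound)",
    # Hypothetical message label and documentation addresses: a non-LAND alert.
    "Time: 05/10/2006, 07:45:05 Message: OTHER Source: 192.0.2.10, 4000 Destination:198.51.100.7, 80 (from WAN Inbound)",
    # Truncated alert, as a cut-off email body might contain.
    "Time: 05/10/2006, 07:45:10 Message: LAND Source: 72.145.231.69, 175",
]

def parse_alert(line):
    """Return the alert as a dict, or None if the line does not match the format."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    alert["ts"] = datetime.strptime(alert["ts"], "%m/%d/%Y, %H:%M:%S")
    alert["sport"], alert["dport"] = int(alert["sport"]), int(alert["dport"])
    return alert

def summarize(lines):
    """Count alerts whose source address equals the destination address."""
    alerts = [a for a in map(parse_alert, lines) if a]
    same_ip = [a for a in alerts if a["src"] == a["dst"]]
    return {
        "parsed": len(alerts),
        "unparsed": len(lines) - len(alerts),
        "same_ip": len(same_ip),
        # Classic LAND packets also reuse the port; the thread's line does not.
        "same_ip_and_port": sum(a["sport"] == a["dport"] for a in same_ip),
        "wan_inbound": sum(a["iface"] == "WAN Inbound" for a in same_ip),
        "dst_ports": sorted(Counter(a["dport"] for a in same_ip).items()),
        "first": min((a["ts"] for a in same_ip), default=None),
        "last": max((a["ts"] for a in same_ip), default=None),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Every same-address alert here arrives on the WAN side, so the source address in the packet cannot be taken as the real sender.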
|
coda
Banjo Goiter


Registered: 03/20/01
Posts: 8,750
Last seen: 10 months, 3 days
|
Re: Network gurus: need your help [Re: Gumby]
#5616953 - 05/11/06 12:06 PM (17 years, 8 months ago) |
|
|
Are you running any type of software firewall? It could be that or your antivirus program. Like stated previously, it could be just random programs tickling an IP list. When I got my cable modem I set up ZoneAlarm until I could get a router. Within 5 minutes of me being online I had been probed around 30 times for vulnerabilities. The NAT firewall built into the routers does a surprisingly effective job at keeping people out of your network. If someone really wanted to get in I'm sure they could find a way, but most programs just give up if no easy access is found into your network.
|
Gumby
Fishnologist


Registered: 06/13/01
Posts: 26,656
|
Re: Network gurus: need your help [Re: coda]
#5616963 - 05/11/06 12:08 PM (17 years, 8 months ago) |
|
|
Nope, no software firewalls, just the one that came with XP.
I downloaded trojan remover and "adware.mediaback" was found on my personal computer. I think I'm going to download and run that on all computers on the network. Only 5 more computers to go!
|
Jfisher
fungusaficionado


Registered: 05/24/05
Posts: 1,093
Loc: Sealand
Last seen: 14 years, 9 months
|
Re: Network gurus: need your help [Re: Gumby]
#5616965 - 05/11/06 12:09 PM (17 years, 8 months ago) |
|
|
I would recommend turning ip passthrough back off and just using port forwarding for your ftp/http needs.
|
Gumby
Fishnologist


Registered: 06/13/01
Posts: 26,656
|
Re: Network gurus: need your help [Re: Jfisher]
#5616986 - 05/11/06 12:16 PM (17 years, 8 months ago) |
|
|
I tried that prior to turning on IP passthrough and no one could access my http server.
|
VoidOfsPg
Stranger

Registered: 05/09/05
Posts: 4,899
Loc: San Antonio, TX
|
Re: Network gurus: need your help [Re: Gumby]
#5617837 - 05/11/06 04:00 PM (17 years, 8 months ago) |
|
|
You were probably doing it wrong then.
What kind of router do you have?
|
Gumby
Fishnologist


Registered: 06/13/01
Posts: 26,656
|
Re: Network gurus: need your help [Re: VoidOfsPg]
#5618390 - 05/11/06 06:14 PM (17 years, 8 months ago) |
|
|
SMC Barricade 802.11g + print server
|
|