PDA

View Full Version : Should I be worried?


MrMacMan
Sep 8, 2003, 07:26 PM
2003/09/04 12:33:31 DHCP Client : Receive Ack from 167.206.3.212, Lease time = 302400
2003/09/04 13:05:44 ** TCP SYN Flooding ** <IP/TCP> 68.33.252.68:65341 ->> 24.47.216.68:2017
2003/09/04 13:05:50 ** TCP SYN Flooding ** <IP/TCP> 80.144.147.194:49823 ->> 24.47.216.68:2017
2003/09/04 13:25:56 ** TCP SYN Flooding ** <IP/TCP> 35.10.150.147:49855 ->> 24.47.216.68:2017
2003/09/04 13:25:57 ** TCP SYN Flooding ** <IP/TCP> 68.194.86.200:52235 ->> 24.47.216.68:2017
2003/09/04 13:25:58 ** TCP SYN Flooding ** <IP/TCP> 68.32.4.129:25179 ->> 24.47.216.68:2017
2003/09/04 13:25:59 ** TCP SYN Flooding ** <IP/TCP> 137.150.236.134:57188 ->> 24.47.216.68:2017
2003/09/04 13:26:00 ** TCP SYN Flooding ** <IP/TCP> 81.130.55.87:1247 ->> 24.47.216.68:2017
2003/09/04 13:26:01 ** TCP SYN Flooding ** <IP/TCP> 12.224.174.29:61149 ->> 24.47.216.68:2017
2003/09/04 13:26:02 ** TCP SYN Flooding ** <IP/TCP> 81.56.213.178:60056 ->> 24.47.216.68:2017
2003/09/04 13:26:03 ** TCP SYN Flooding ** <IP/TCP> 81.130.63.167:53673 ->> 24.47.216.68:2017
2003/09/04 13:26:04 ** TCP SYN Flooding ** <IP/TCP> 12.111.137.204:4664 ->> 24.47.216.68:2017
2003/09/04 13:26:04 ** TCP SYN Flooding ** <IP/TCP> 212.235.95.19:13851 ->> 24.47.216.68:2017
2003/09/04 13:45:46 ** TCP SYN Flooding ** <IP/TCP> 24.130.42.135:54426 ->> 24.47.216.68:2017
2003/09/04 13:45:47 ** TCP SYN Flooding ** <IP/TCP> 81.96.239.26:65388 ->> 24.47.216.68:2017
2003/09/04 13:45:48 ** TCP SYN Flooding ** <IP/TCP> 165.165.193.233:3664 ->> 24.47.216.68:2017
2003/09/04 13:45:51 ** TCP SYN Flooding ** <IP/TCP> 68.71.181.6:52969 ->> 24.47.216.68:2017
2003/09/04 14:53:47 ** TCP SYN Flooding ** <IP/TCP> 80.116.194.222:54761 ->> 24.47.216.68:2017
2003/09/04 17:00:16 ** TCP SYN Flooding ** <IP/TCP> 167.206.199.253:65070 ->> 24.47.216.68:2017
2003/09/04 17:00:23 ** TCP SYN Flooding ** <IP/TCP> 218.47.46.206:50685 ->> 24.47.216.68:2017
2003/09/04 17:00:24 ** TCP SYN Flooding ** <IP/TCP> 64.229.25.85:54916 ->> 24.47.216.68:2017
2003/09/05 12:03:56 ** Unauthorized HTTP Access ** <IP/TCP> 204.1.226.228:39336 ->> 24.47.216.68:88
2003/09/05 12:03:57 ** Unauthorized HTTP Access ** <IP/TCP> 204.1.226.228:39336 ->> 24.47.216.68:88
2003/09/05 12:03:58 ** Unauthorized HTTP Access ** <IP/TCP> 204.1.226.228:39336 ->> 24.47.216.68:88
2003/09/05 12:03:59 ** Unauthorized HTTP Access ** <IP/TCP> 204.1.226.228:39336 ->> 24.47.216.68:88
2003/09/05 13:01:53 ** TCP SYN Flooding ** <IP/TCP> 24.94.27.186:59079 ->> 24.47.216.68:2017
2003/09/05 13:01:54 ** TCP SYN Flooding ** <IP/TCP> 64.53.220.218:29013 ->> 24.47.216.68:2017
2003/09/05 13:01:55 ** TCP SYN Flooding ** <IP/TCP> 169.229.102.127:50408 ->> 24.47.216.68:2017
2003/09/05 13:01:56 ** TCP SYN Flooding ** <IP/TCP> 68.50.99.22:55089 ->> 24.47.216.68:2017
2003/09/05 13:01:58 ** TCP SYN Flooding ** <IP/TCP> 80.38.152.170:55434 ->> 24.47.216.68:2017
2003/09/05 13:01:59 ** TCP SYN Flooding ** <IP/TCP> 82.34.24.85:3437 ->> 24.47.216.68:2017
2003/09/05 13:02:01 ** TCP SYN Flooding ** <IP/TCP> 61.124.108.227:54844 ->> 24.47.216.68:2017
2003/09/05 13:02:02 ** TCP SYN Flooding ** <IP/TCP> 62.203.18.95:11632 ->> 24.47.216.68:2017
2003/09/05 13:02:04 ** TCP SYN Flooding ** <IP/TCP> 192.168.2.29:57116 ->> 68.82.155.36:1484
2003/09/06 06:33:30 DHCP Client : Send Request, Request IP = 24.47.216.68
2003/09/06 07:28:03 ** TCP SYN Flooding ** <IP/TCP> 129.217.130.44:4350 ->> 24.47.216.68:2017
2003/09/06 07:28:12 ** TCP SYN Flooding ** <IP/TCP> 65.94.117.194:53937 ->> 24.47.216.68:2017
2003/09/06 07:28:15 ** TCP SYN Flooding ** <IP/TCP> 62.255.41.176:49515 ->> 24.47.216.68:2017
2003/09/07 07:02:43 ** TCP SYN Flooding ** <IP/TCP> 217.42.29.29:50155 ->> 24.47.216.68:2017
2003/09/07 11:07:18 ** TCP SYN Flooding ** <IP/TCP> 213.250.80.67:53153 ->> 24.47.216.68:2017
2003/09/07 11:07:21 ** TCP SYN Flooding ** <IP/TCP> 200.50.53.214:29372 ->> 24.47.216.68:2017
2003/09/07 11:07:22 ** TCP SYN Flooding ** <IP/TCP> 212.238.208.66:2125 ->> 24.47.216.68:2017
2003/09/07 11:07:27 ** TCP SYN Flooding ** <IP/TCP> 213.107.105.43:57159 ->> 24.47.216.68:2017
2003/09/07 11:07:28 ** TCP SYN Flooding ** <IP/TCP> 172.185.139.231:55735 ->> 24.47.216.68:2017
2003/09/07 11:33:35 ** TCP SYN Flooding ** <IP/TCP> 141.213.209.109:56442 ->> 24.47.216.68:2017
2003/09/07 11:33:38 ** TCP SYN Flooding ** <IP/TCP> 24.199.108.154:50277 ->> 24.47.216.68:2017
2003/09/07 11:33:44 ** TCP SYN Flooding ** <IP/TCP> 24.207.204.23:60334 ->> 24.47.216.68:2017
2003/09/07 11:39:17 ** TCP SYN Flooding ** <IP/TCP> 64.178.99.157:53128 ->> 24.47.216.68:2017
2003/09/07 11:39:20 ** TCP SYN Flooding ** <IP/TCP> 64.178.99.157:53128 ->> 24.47.216.68:2017
2003/09/07 11:39:22 ** TCP SYN Flooding ** <IP/TCP> 62.131.36.114:14628 ->> 24.47.216.68:2017
2003/09/07 11:39:23 ** TCP SYN Flooding ** <IP/TCP> 213.39.148.177:34229 ->> 24.47.216.68:2017
2003/09/07 11:39:24 ** TCP SYN Flooding ** <IP/TCP> 192.168.2.29:57994 ->> 68.63.82.154:1486
2003/09/07 11:39:25 ** TCP SYN Flooding ** <IP/TCP> 64.53.29.242:35660 ->> 24.47.216.68:2017
2003/09/07 11:39:26 ** TCP SYN Flooding ** <IP/TCP> 67.124.151.234:2690 ->> 24.47.216.68:2017
2003/09/07 11:39:26 ** TCP SYN Flooding ** <IP/TCP> 64.178.99.157:53128 ->> 24.47.216.68:2017
2003/09/07 11:39:28 ** TCP SYN Flooding ** <IP/TCP> 213.93.131.241:32773 ->> 24.47.216.68:2017
2003/09/07 11:39:29 ** TCP SYN Flooding ** <IP/TCP> 80.57.107.187:54328 ->> 24.47.216.68:2017
2003/09/07 11:39:30 ** TCP SYN Flooding ** <IP/TCP> 64.229.70.166:2151 ->> 24.47.216.68:2017
2003/09/07 11:39:31 ** TCP SYN Flooding ** <IP/TCP> 24.116.46.188:17754 ->> 24.47.216.68:2017
2003/09/07 11:39:33 ** TCP SYN Flooding ** <IP/TCP> 213.10.24.69:55180 ->> 24.47.216.68:2017
2003/09/07 14:09:15 ** TCP SYN Flooding ** <IP/TCP> 217.83.103.246:58258 ->> 24.47.216.68:2017
2003/09/07 14:09:16 ** TCP SYN Flooding ** <IP/TCP> 24.199.79.91:52490 ->> 24.47.216.68:2017
2003/09/07 14:09:18 ** TCP SYN Flooding ** <IP/TCP> 212.9.24.52:33231 ->> 24.47.216.68:2017
2003/09/07 14:09:19 ** TCP SYN Flooding ** <IP/TCP> 138.77.159.71:50450 ->> 24.47.216.68:2017
2003/09/07 14:09:20 ** TCP SYN Flooding ** <IP/TCP> 24.130.110.236:56369 ->> 24.47.216.68:2017
2003/09/07 14:09:21 ** TCP SYN Flooding ** <IP/TCP> 66.167.27.230:65312 ->> 24.47.216.68:2017
2003/09/07 14:09:22 ** TCP SYN Flooding ** <IP/TCP> 63.205.136.127:60507 ->> 24.47.216.68:2017
2003/09/07 14:09:25 ** TCP SYN Flooding ** <IP/TCP> 66.169.58.132:53030 ->> 24.47.216.68:2017
2003/09/07 14:09:26 ** TCP SYN Flooding ** <IP/TCP> 212.238.208.66:3467 ->> 24.47.216.68:2017
2003/09/07 14:32:04 ** TCP SYN Flooding ** <IP/TCP> 62.21.34.44:36703 ->> 24.47.216.68:2017
2003/09/07 14:32:05 ** TCP SYN Flooding ** <IP/TCP> 200.104.187.232:1025 ->> 24.47.216.68:2017
2003/09/07 14:32:06 ** TCP SYN Flooding ** <IP/TCP> 213.119.165.126:49278 ->> 24.47.216.68:2017
2003/09/07 14:32:07 ** TCP SYN Flooding ** <IP/TCP> 68.73.81.39:63751 ->> 24.47.216.68:2017
2003/09/07 14:32:07 ** TCP SYN Flooding ** <IP/TCP> 65.19.94.158:33633 ->> 24.47.216.68:2017
2003/09/07 14:32:09 ** TCP SYN Flooding ** <IP/TCP> 24.77.13.67:65269 ->> 24.47.216.68:2017
2003/09/07 14:32:10 ** TCP SYN Flooding ** <IP/TCP> 24.25.220.196:54766 ->> 24.47.216.68:2017
2003/09/07 14:32:11 ** TCP SYN Flooding ** <IP/TCP> 64.53.52.29:60424 ->> 24.47.216.68:2017
2003/09/07 14:32:12 ** TCP SYN Flooding ** <IP/TCP> 68.62.53.41:61778 ->> 24.47.216.68:2017
2003/09/07 14:32:13 ** TCP SYN Flooding ** <IP/TCP> 168.122.207.106:53999 ->> 24.47.216.68:2017
2003/09/07 14:32:14 ** TCP SYN Flooding ** <IP/TCP> 195.241.40.20:50272 ->> 24.47.216.68:2017
2003/09/07 14:32:17 ** TCP SYN Flooding ** <IP/TCP> 63.93.61.165:63526 ->> 24.47.216.68:2017
2003/09/07 15:09:05 ** TCP SYN Flooding ** <IP/TCP> 206.223.103.254:49622 ->> 24.47.216.68:2017
2003/09/07 15:09:06 ** TCP SYN Flooding ** <IP/TCP> 192.168.2.29:63904 ->> 80.198.92.123:6346
2003/09/07 15:09:07 ** TCP SYN Flooding ** <IP/TCP> 66.93.220.190:64969 ->> 24.47.216.68:2017
2003/09/07 15:09:08 ** TCP SYN Flooding ** <IP/TCP> 24.119.82.126:47433 ->> 24.47.216.68:2017
2003/09/07 15:09:09 ** TCP SYN Flooding ** <IP/TCP> 66.229.206.53:63505 ->> 24.47.216.68:2017
2003/09/07 15:09:10 ** TCP SYN Flooding ** <IP/TCP> 81.66.142.80:55143 ->> 24.47.216.68:2017
2003/09/07 15:09:11 ** TCP SYN Flooding ** <IP/TCP> 217.83.103.246:59135 ->> 24.47.216.68:2017
2003/09/07 16:27:36 ** TCP SYN Flooding ** <IP/TCP> 68.168.129.5:29017 ->> 24.47.216.68:2017
2003/09/07 16:27:37 ** TCP SYN Flooding ** <IP/TCP> 62.131.36.114:46332 ->> 24.47.216.68:2017
2003/09/07 16:27:38 ** TCP SYN Flooding ** <IP/TCP> 151.197.247.130:64757 ->> 24.47.216.68:2017
2003/09/07 16:27:38 ** TCP SYN Flooding ** <IP/TCP> 66.188.46.26:55917 ->> 24.47.216.68:2017
2003/09/07 16:27:39 ** TCP SYN Flooding ** <IP/TCP> 68.85.23.245:55186 ->> 24.47.216.68:2017
2003/09/07 16:27:40 ** TCP SYN Flooding ** <IP/TCP> 4.42.122.146:64059 ->> 24.47.216.68:2017
2003/09/07 16:27:41 ** TCP SYN Flooding ** <IP/TCP> 67.227.64.33:50539 ->> 24.47.216.68:2017
2003/09/07 16:27:42 ** TCP SYN Flooding ** <IP/TCP> 24.78.76.8:50833 ->> 24.47.216.68:2017
2003/09/07 16:27:42 ** TCP SYN Flooding ** <IP/TCP> 64.53.52.29:61599 ->> 24.47.216.68:2017
2003/09/07 16:27:43 ** TCP SYN Flooding ** <IP/TCP> 206.116.216.112:50566 ->> 24.47.216.68:2017
2003/09/07 16:27:44 ** TCP SYN Flooding ** <IP/TCP> 24.145.247.160:56858 ->> 24.47.216.68:2017
2003/09/07 16:27:45 ** TCP SYN Flooding ** <IP/TCP> 217.233.193.76:64493 ->> 24.47.216.68:2017

[There is more... Just can't post, too long]

MrMacMan
Sep 8, 2003, 07:28 PM
2003/09/07 16:27:47 ** TCP SYN Flooding ** <IP/TCP> 68.50.172.236:64844 ->> 24.47.216.68:2017
2003/09/07 16:27:48 ** TCP SYN Flooding ** <IP/TCP> 66.65.23.19:51518 ->> 24.47.216.68:2017
2003/09/07 16:27:49 ** TCP SYN Flooding ** <IP/TCP> 192.168.2.29:49397 ->> 81.166.52.74:2083
2003/09/07 16:27:50 ** TCP SYN Flooding ** <IP/TCP> 24.89.5.124:53253 ->> 24.47.216.68:2017
2003/09/07 17:14:04 ** TCP SYN Flooding ** <IP/TCP> 150.101.142.78:10407 ->> 24.47.216.68:2017
2003/09/07 17:14:05 ** TCP SYN Flooding ** <IP/TCP> 66.125.224.214:62656 ->> 24.47.216.68:2017
2003/09/07 17:14:06 ** TCP SYN Flooding ** <IP/TCP> 217.122.224.122:55841 ->> 24.47.216.68:2017
2003/09/07 17:14:06 ** TCP SYN Flooding ** <IP/TCP> 217.209.124.201:19542 ->> 24.47.216.68:2017
2003/09/07 17:14:07 ** TCP SYN Flooding ** <IP/TCP> 80.202.24.19:61196 ->> 24.47.216.68:2017
2003/09/07 17:14:08 ** TCP SYN Flooding ** <IP/TCP> 24.82.56.36:63329 ->> 24.47.216.68:2017
2003/09/07 17:14:09 ** TCP SYN Flooding ** <IP/TCP> 24.191.160.75:55828 ->> 24.47.216.68:2017
2003/09/07 17:14:10 ** TCP SYN Flooding ** <IP/TCP> 62.99.202.178:22640 ->> 24.47.216.68:2017
2003/09/07 17:14:11 ** TCP SYN Flooding ** <IP/TCP> 67.9.99.234:32621 ->> 24.47.216.68:2017
2003/09/08 00:33:30 DHCP Client : Send Request, Request IP = 24.47.216.68
2003/09/08 15:30:30 192.168.2.29
2003/09/08 18:54:57 ** TCP SYN Flooding ** <IP/TCP> 150.209.147.203:50872 ->> 24.47.216.68:2017
2003/09/08 18:55:00 ** TCP SYN Flooding ** <IP/TCP> 68.35.33.43:61678 ->> 24.47.216.68:2017
2003/09/08 19:20:17 ** TCP SYN Flooding ** <IP/TCP> 217.162.159.82:28914 ->> 24.47.216.68:2017
2003/09/08 19:21:34 192.168.2.29 login successful

Um... What is with all that flooding!

:eek:

And of coarse my router doesn't tell me when this is being done... erg.

What is happening and is this normal or bad?

[Mod, if you think this is software you can move it, It was when I accessed the router that I got this... so I posted under Hardware]

edit: Damn I forgot my IP was in all of those... damn.

Well know that you know my IP please don't flood me... :p

But I need to know what this means!

Rezet
Sep 9, 2003, 12:26 AM
Seems to me someone it nuking and pinging you.
I'd suggest getting Norton Internet security if your router doesn't have a built in firewall... and even if it does, i'd still get it.

Rezet
Sep 9, 2003, 12:28 AM
edit: Damn I forgot my IP was in all of those... damn

You don't have static ip, do you?

MrMacMan
Sep 9, 2003, 05:00 PM
Originally posted by Rezet
You don't have static ip, do you?


I think dynamic... not 100%

Why?


The router has a firewall which is I guess why I didn't have a problem until I looked at it.


But who/what is doing this?

5-20 Pings is find, flooding... is alot worse...

But Nuking me?

:confused:


Anyone else what is happening?

aphexist
Sep 10, 2003, 03:48 AM
My guess is that you have a broadband internet account...probably cable.

Since the cable provider's infrastructure is a wide area network, annoying people like to port scan and/or "attack" all the IP addresses that are in their subnet.

You said you have a router, which is probably acting as a firewall between your computer(s) and the WAN. From the look of your log file, it is doing it's job. This is enough for most people. Most broadband routers come configured to close all ports. There is also usually an option to "Block WAN Request" (checked) or "Respond to ping" (unchecked) in your router security configuration. This will make you appear as a less fruitful target for attack, and most simple DoS attacks will ignore you.

In summary, it is unlikely that anyone is targeting you specifically; your router is blocking the (m)asses.

tazo
Sep 10, 2003, 08:42 AM
Originally posted by MrMacman
I think dynamic... not 100%

Why?


The router has a firewall which is I guess why I didn't have a problem until I looked at it.


But who/what is doing this?

5-20 Pings is find, flooding... is alot worse...

But Nuking me?

:confused:


Anyone else what is happening?

Well all it takes is to call one conservative hacker a nazi... ;)

bousozoku
Sep 10, 2003, 10:17 AM
Just that the port on your machine is always 2017 says a lot. What machine software needs that port? If it were a random attack, they would be using various ports on your machine instead of just one.

Rezet
Sep 10, 2003, 10:36 AM
What I don't like is that at the end it said:
"2003/09/08 19:21:34 192.168.2.29 login successful"

Do you know who uses that ip?

TEG
Sep 10, 2003, 10:57 AM
Well at least you have a firewall in the router.

My Freshman year at College, I had to live in the dorms. Its an Engineering school, so 85%+ of the students had a Computer (95% PC [65% Dell, 20% Compaq, 15% home built], 4% Mac, 1% Sun [Only knew of 3 out of 290]. Well, my friend, with a homebuilt PC, actually had to go out and buy BlackICE network protection, because he would be nuked daily, causing his PC to crash. We went to the IT department, and they said they couldn't do anything about it, they would not allow us to install a firewall though. Its just a sad state of affairs when you can't even use your computer beause of being Packet Bombed.
Thankfully, I never had the problem (even with viewing unrequested packets) some people just target an IP address, because the numbers are easy to remember.

TEG

Rezet
Sep 10, 2003, 11:03 AM
Well, internet is a "free for all" at this time.

Now, Don't want to make this is a political issue, but do you think we should attain the rights of free internet and be subjected to anything that others want to do to us - "anarchy state". Or do we want government to police internet denying us some of our speech rights but securing us from annoying idiots and hackers - "oppression state". ???

Mr. Anderson
Sep 10, 2003, 11:35 AM
What were you using to see all that info? I'd be curious to see what I'm getting at home as well...

D

Rezet
Sep 10, 2003, 12:37 PM
Usually I get attacked too, so it's normal. I get about 50 attacks in a bout 5 days of uptime. But i don't use a firewall router yet.
I do however recommend getting Norton Interner security 3.0 for you though... It's a bit pricey (85 bucks) but i think is well worth it.

groovebuster
Sep 10, 2003, 01:12 PM
Originally posted by Rezet
What I don't like is that at the end it said:
"2003/09/08 19:21:34 192.168.2.29 login successful"

Do you know who uses that ip?

You are funny! :D That is your own IP address of your computer in your LAN. The log file just did what it was supposed to do, filing that you logged into the router from your machine, that's all!

192.168.x.x class c IP adresses (there are also two other address ranges for class a and b networks) are private adresses that are used in LANs behind a router. They ARE NOT valid IP addresses to be routed in a WAN (Internet) and won't be routed by any router to another router outside that LAN. What your router is doing is NAT (native address translation). It takes the packets and pretends to be the origin of them with the IP address it got from your provider (no matter if dynamic or static) and the other way around. So for somebody from outside it looks as if your computer has the IP address of the router, even though it is not. That's why a router is a good firewall. You can decide yourself which ports should be directed to a specific machine for calls from outside. With all ports closed nobody can get into your LAN from outside and it is absolutely safe.

groovebuster

groovebuster
Sep 10, 2003, 01:23 PM
Even though ports cna be used freely, here is an interesting list of services that are "officially" used on specific ports:

port list (http://www.zvon.org/tmRFC/RFC1340/Output/chapter7.html)

So to me it occurs that somebody tried to boot your machine or to get a telnet connection to your computer.

groovebuster

Rezet
Sep 10, 2003, 01:39 PM
Originally posted by groovebuster
You are funny! :D That is your own IP address of your computer in your LAN. The log file just did what it was supposed to do, filing that you logged into the router from your machine, that's all!

192.168.x.x class c IP adresses (there are also two other address ranges for class a and b networks) are private adresses that are used in LANs behind a router. They ARE NOT valid IP addresses to be routed in a WAN (Internet) and won't be routed by any router to another router outside that LAN. What your router is doing is NAT (native address translation). It takes the packets and pretends to be the origin of them with the IP address it got from your provider (no matter if dynamic or static) and the other way around. So for somebody from outside it looks as if your computer has the IP address of the router, even though it is not. That's why a router is a good firewall. You can decide yourself which ports should be directed to a specific machine for calls from outside. With all ports closed nobody can get into your LAN from outside and it is absolutely safe.

groovebuster :D

Ok. I'm quite ignorant on this whole network security thing. I need to read more books :D

tomf87
Sep 10, 2003, 01:54 PM
Just so you know what SYN Flooding is...

When two devices communicate over TCP, like web browsing for example, there is a handshake, similar to a telephone call, prior to the full conversation.

The requesting computer sends a SYN packet, the destination computer (your router in this case) sends a SYN-ACK, then the requesting computer responds with an ACK. Similar to phone conversation:

1. Person dials telephone number. (SYN)
2. Person picks up ringing phone and says "Hello." (SYN-ACK)
3. Dialer says "Hello.... <on with the conversation>" (ACK)

During a SYN Flood, the requesting computer sends so many SYN packets and the destination opens up so many connections waiting for a response that it slows down or even hangs. This is because the destination computer will wait for a period of time before closing down sockets that have been opened with a SYN packet.

More than likely, it is not someone targeting you specifically (as the IP's are pretty random and not on your subnet), but is just a worm or virus on people's computers that they do not know about.

MrMacMan
Sep 10, 2003, 04:52 PM
Originally posted by tazo
Well all it takes is to call one conservative hacker a nazi... ;)

har har har.

What are you saying Conservatives have a mass of zombie computers to attack people they don't like?

:o

Originally posted by Rezet
What I don't like is that at the end it said:
"2003/09/08 19:21:34 192.168.2.29 login successful"

Do you know who uses that ip?
Ah, that was me, and then about 5 minutes later I see this log, I copyied and pasted.

Sorry that was good, but yeah.

Originally posted by Mr. Anderson
What were you using to see all that info? I'd be curious to see what I'm getting at home as well...

D

I visit my router to change some preferences from time to time, also see if unkown hackage... blah blah but this was massive so...

Most routers respond to the IP of
192.168.2.1 Or 192.168.1.1

Type that in... in a browser and you can see what stuff your router is doing.


tomf87 -- So basically people are spamming me with phone calls...

:p


damn people...

ChronoIMG
Sep 11, 2003, 10:22 AM
Originally posted by groovebuster
Even though ports cna be used freely, here is an interesting list of services that are "officially" used on specific ports:

port list (http://www.zvon.org/tmRFC/RFC1340/Output/chapter7.html)

So to me it occurs that somebody tried to boot your machine or to get a telnet connection to your computer.

groovebuster
A more complete list can be found at IANA:

http://www.iana.org/assignments/port-numbers

tomf87
Sep 11, 2003, 10:28 AM
Originally posted by MrMacman
tomf87 -- So basically people are spamming me with phone calls...

:p


damn people...

yep... and hanging up when you answer.... :)

MrMacMan
Sep 12, 2003, 08:28 PM
Originally posted by tomf87
yep... and hanging up when you answer.... :)

Hehe, well put.


so I guess I will keep the router on and check on some Firewall Software...