Is someone trying to hack me???

Discussion in 'macOS' started by yankeefan24, Jan 22, 2006.

  1. yankeefan24 macrumors 65816

    Joined:
    Dec 24, 2005
    Location:
    NYC
    #1
    I enabled firewall logging earlier this month, with stealth mode. I just looked at the log and it shows that it blocks attempts that are coming in often really quickly. Is this normal? As I am typing this, I got one that looks different than the rest. Here are two samples:

    Jan 22 10:35:42 yankee-fan-24 ipfw: Stealth Mode connection attempt to TCP --.-.-.-:----- from 38.101.111.35:80

    The unusual one:

    Jan 22 11:32:36 yankee-fan-24 ipfw: 35000 Deny UDP --.-.-.-:---- ---.---.---.---:---- in via en1

    Does this mean someone is trying to hack me???
    If it's important to see my IP address, PM me.
     
  2. ldenman macrumors regular

    Joined:
    Jul 20, 2005
    #2
    I doubt that anyone is trying to hack you. I "Whoised" the IP and it came back with:
    OrgName: Performance Systems International Inc.
    OrgID: PSI
    Address: 1015 31st St NW
    City: Washington
    StateProv: DC
    PostalCode: 20007
    Country: US

    NetRange: 38.0.0.0 - 38.255.255.255
    CIDR: 38.0.0.0/8
    NetName: PSINETA
    NetHandle: NET-38-0-0-0-1
    Parent:
    NetType: Direct Allocation
    NameServer: NS.PSI.NET
    NameServer: NS2.PSI.NET
    Comment: Reassignment information for this block can be found at
    Comment: rwhois.cogentco.com 4321
    RegDate: 1991-04-16
    Updated: 2005-10-05

    RTechHandle: PSI-NISC-ARIN
    RTechName: IP Allocation
    RTechPhone: +1-877-875-4311
    RTechEmail: ipalloc@cogentco.com

    OrgAbuseHandle: COGEN-ARIN
    OrgAbuseName: Cogent Abuse
    OrgAbusePhone: +1-877-875-4311
    OrgAbuseEmail: abuse@cogentco.com

    OrgNOCHandle: ZC108-ARIN
    OrgNOCName: Cogent Communications
    OrgNOCPhone: +1-877-875-4311
    OrgNOCEmail: noc@cogentco.com

    OrgTechHandle: IPALL-ARIN
    OrgTechName: IP Allocation
    OrgTechPhone: +1-877-875-4311
    OrgTechEmail: ipalloc@cogentco.com


    The address uses port 80, which is the official port used for browsing the internet.
    The IP address is that of a website, I assume.
    Correct me if I am wrong.
     
  3. Peace macrumors P6

    Joined:
    Apr 1, 2005
    Location:
    Space--The ONLY Frontier
    #3

    I believe it's Apple's time server. Used to synchronize the clock.
     
  4. yankeefan24 thread starter macrumors 65816

    Joined:
    Dec 24, 2005
    Location:
    NYC
    #4
    Thanks. Now that I think about it, it might be Apple's time server. The only important thing I have on my computer are chat transcripts, and I know a guy who is really good at hacking so…. How did you get that IP info???

    EDIT: This is the second IP address on the unusual new alert. 239.255.255.250:1900
    Another EDIT: I was just on iChat and this guy I blocked is unblocked now. This is the same guy who's good at hacking. He uses Adium, not iChat, if that's at all relevant.
     
  5. ldenman macrumors regular

    Joined:
    Jul 20, 2005
    #5
    I simply opened the terminal and typed:

    whois 38.101.111.35:80

    Edit:
    I doubt the other one is a hacker, either.
     
  6. yankeefan24 thread starter macrumors 65816

    Joined:
    Dec 24, 2005
    Location:
    NYC
    #6
    Thanks. When I did this on the second IP, this is what I got.

    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 224.0.0.0 - 239.255.255.255
    CIDR: 224.0.0.0/4
    NetName: MCAST-NET
    NetHandle: NET-224-0-0-0-1
    Parent:
    NetType: IANA Special Use
    NameServer: FLAG.EP.NET
    NameServer: STRUL.STUPI.SE
    NameServer: NS.ISI.EDU
    NameServer: NIC.NEAR.NET
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 3171 for additional information.
    Comment:
    RegDate: 1991-05-22
    Updated: 2002-09-16

    OrgAbuseHandle: IANA-IP-ARIN
    OrgAbuseName: Internet Corporation for Assigned Names and Number
    OrgAbusePhone: +1-310-301-5820
    OrgAbuseEmail: abuse@iana.org

    OrgTechHandle: IANA-IP-ARIN
    OrgTechName: Internet Corporation for Assigned Names and Number
    OrgTechPhone: +1-310-301-5820
    OrgTechEmail: abuse@iana.org

    Does that mean anything?
     
  7. Peace macrumors P6

    Joined:
    Apr 1, 2005
    Location:
    Space--The ONLY Frontier
    #7

    Yes.. it means it's used for LANs and/or your FireWire IEEE 1394.
    You're too paranoid, man :)
     
  8. ldenman macrumors regular

    Joined:
    Jul 20, 2005
    #8
    I guess this only applies to Windows boxes:
    MS Universal Plug and Play (UPnP) 1900, 5000, 2869?
    Port 1900 is IANA registered by Microsoft for SSDP (Simple Service Discovery Protocol). Port 5000 is also registered, but not by Microsoft, and not for this service I don't think. Microsoft Security Bulletins: MS01-054, MS01-059. NIPC Advisory 01-030.2, SecurityFocus. Also see the Remote Access Trojan FAQ about port 5000. About 2869 (which is IANA registered as MS ICSLAP), Microsoft says starting with Windows XP SP2, SSDP event notification service will rely on TCP port 2869. Currently this is only a speculative risk.
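
A triage sketch for the two ipfw log-line shapes quoted in this thread, added here as an example and not written by any poster. The 192.168.1.x and 192.0.2.77 addresses and the high port numbers are constructed stand-ins for the values masked in the original lines, and the category names are assumptions.

```python
import ipaddress
import re

# Constructed sample lines in the two shapes quoted in the thread; local
# addresses and ephemeral ports are placeholders for the masked values.
SAMPLE_LOG = """\
Jan 22 10:35:42 yankee-fan-24 ipfw: Stealth Mode connection attempt to TCP 192.168.1.10:49231 from 38.101.111.35:80
Jan 22 11:32:36 yankee-fan-24 ipfw: 35000 Deny UDP 192.168.1.1:1900 239.255.255.250:1900 in via en1
Jan 22 11:40:02 yankee-fan-24 ipfw: Stealth Mode connection attempt to TCP 192.168.1.10:22 from 192.0.2.77:51514
"""

STEALTH = re.compile(
    r"ipfw: Stealth Mode connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)")
DENY = re.compile(
    r"ipfw: (?P<rule>\d+) Deny (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) in via (?P<iface>\w+)")

def parse(line):
    """Return the fields of a stealth-mode or rule-deny line, else None."""
    m = STEALTH.search(line) or DENY.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["sport"], fields["dport"] = int(fields["sport"]), int(fields["dport"])
    return fields

def triage(f):
    """Heuristic label for one parsed entry (labels are this example's own)."""
    if ipaddress.ip_address(f["dst"]).is_multicast:      # 224.0.0.0/4
        if f["proto"] == "UDP" and f["dport"] == 1900:
            return "ssdp-multicast"                      # LAN device discovery
        return "multicast"
    # From a web port to a high local port: consistent with late replies
    # from a server this machine contacted, not an inbound connection.
    if f["proto"] == "TCP" and f["sport"] in (80, 443) and f["dport"] >= 1024:
        return "web-reply"
    return "review"                                      # unsolicited; look closer

def summarize(text):
    """(source, destination port, label) for every recognized line."""
    parsed = (parse(line) for line in text.splitlines())
    return [(f["src"], f["dport"], triage(f)) for f in parsed if f]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Only the "review" rows (here the constructed attempt on port 22) are worth following up with a whois lookup on the source address.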
     
  9. Peace macrumors P6

    Joined:
    Apr 1, 2005
    Location:
    Space--The ONLY Frontier
    #9


    *gag*


    :rolleyes:
     
  10. yankeefan24 thread starter macrumors 65816

    Joined:
    Dec 24, 2005
    Location:
    NYC
    #10
    no.
     
  11. ldenman macrumors regular

    Joined:
    Jul 20, 2005
