| Thread ID: 27604 | 2002-11-26 18:43:00 | Who's trying to get into My Computer? | lofty (2638) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 101626 | 2002-11-26 18:43:00 | Over the last three days, I've noticed (via ZoneAlarm) that my system is being "sought" from one source in particular, on a pretty regular basis even when offline. Can anyone help identify the source? - or explain why the sudden interest in my system??!! Copied below is a transcript of (an example of) Zone Alarm's log file: ZoneAlarm Logging Client v2.6.88 Windows 98-4.10.2222- A -SP type,date,time,source,destination,transport FWIN,2002/11/27,01:56:22 +13:00 GMT,200.206.188.56:1048,203.167.180.25:137,UDP FWIN,2002/11/27,02:05:28 +13:00 GMT,0.0.0.0:68,255.255.255.255:67,UDP FWIN,2002/11/27,02:11:07 +13:00 GMT,0.0.0.0:68,255.255.255.255:67,UDP FWIN,2002/11/27,03:11:36 +13:00 GMT,0.0.0.0:68,255.255.255.255:67,UDP Below is an example of Zone Alarm's "pop up" alert: The firewall has blocked an Internet broadcast to your computer (DHCP) from 0.0.0.0 (UDP Port 68). Occurred: 8 times between 27/11/02 06:28:50 and 27/11/02 07:11:32 Thanks Lofty |
lofty (2638) | ||
| 101627 | 2002-11-26 19:02:00 | Even when offline? That's pretty determined, and I would have thought pretty impossible. Are you on a local network? Also, usually 0.0.0.0 means your own machine. You might have something on your own machine that is attacking itself. May not be an attack as such. robo. |
robo (205) | ||
| 101628 | 2002-11-26 19:07:00 | Robo - em? thanks and eh?? I've just installed a network card - and yes - it DID occur to me that this may be in some way connected. But eh?? How? By the way thanks for such a ridiculously fast reply - go back to bed mate Lofty |
lofty (2638) | ||
| 101629 | 2002-11-26 19:18:00 | Again - to Robo (or anyone less unRobo than me) The Network card is installed but I'm not on a network - installed for my laptop but not used yet. Thanks Lofty. |
lofty (2638) | ||
| 101630 | 2002-11-26 19:21:00 | as for the other IP address........ WHOIS Query Result for 200.206.188.56 OrgName: Latin American and Caribbean IP address Regional Registry OrgID: LNIC NetRange: 200.0.0.0 - 200.255.255.255 CIDR: 200.0.0.0/8 NetName: LACNIC-200 NetHandle: NET-200-0-0-0-1 Parent: NetType: Allocated to LACNIC NameServer: ARROWROOT.ARIN.NET NameServer: BUCHU.ARIN.NET NameServer: CHIA.ARIN.NET NameServer: DILL.ARIN.NET NameServer: NS.LACNIC.ORG NameServer: NS.DNS.BR NameServer: NS2.DNS.BR Comment: This IP address range has been delegated to LACNIC. Please see http://www.lacnic.net/ for further details, or check the WHOIS server located at whois.lacnic.net RegDate: 2002-07-27 Updated: 2002-11-18 TechHandle: LACNIC-ARIN TechName: Latin American and Caribbean IP address Regional R TechPhone: (+55) 11 5509-3525 TechEmail: hostmaster@lacnic.net OrgTechHandle: LACNIC-ARIN OrgTechName: Latin American and Caribbean IP address Regional R OrgTechPhone: (+55) 11 5509-3525 OrgTechEmail: hostmaster@lacnic.net # ARIN Whois database, last updated 2002-11-25 19:05 # Enter ? for additional hints on searching ARIN's Whois database. .Clueless |
Clueless (181) | ||
| 101631 | 2002-11-26 19:25:00 | Oops should have read that first.. Step 2 in the chase: % Copyright LACNIC lacnic.net % The data below is provided for information purposes % and to assist persons in obtaining information about or % related to AS and IP numbers registrations % By submitting a whois query, you agree to use this data % only for lawful purposes. % 2002-11-26 17:23:01 (BRST -02:00) inetnum: 200.128/9 status: allocated owner: Comite Gestor da Internet no Brasil ownerid: BR-CGIN-LACNIC responsible: Frederico A C Neves address: Av. das Nações Unidas, 11541, 7° andar address: 04578-000 - São Paulo - SP country: BR phone: +55 11 9119-0304 [] owner-c: CGB tech-c: CGB inetrev: 200.128/9 nserver: NS.DNS.BR nsstat: 20020830 AA nslastaa: 20020830 nserver: NS1.DNS.BR nsstat: 20020830 AA nslastaa: 20020830 nserver: NS2.DNS.BR nsstat: 20020830 AA nslastaa: 20020830 remarks: These addresses have been further assigned to Brazilian users. remarks: Contact information can be found at the WHOIS server located remarks: at whois.registro.br and at http://whois.nic.br created: 19950104 changed: 20020902 nic-hdl: CGB person: Comite Gestor da Internet no Brasil e-mail: blkadm@NIC.BR address: Av. das Nações Unidas, 11541, 7° andar address: 04578-000 - São Paulo - SP country: BR phone: +55 19 9119-0304 [] created: 20020902 changed: 20020902 % whois.lacnic.net accepts only direct match queries. % Types of queries are: POCs, ownerid, CIDR blocks, IP % and AS numbers. .Clueless |
Clueless (181) | ||
| 101632 | 2002-11-26 19:28:00 | and the second IP (which i assume was that allocated to you by your ISP, clear) WHOIS Query Result for 203.167.180.25 % [whois.apnic.net node-2] % How to use this server http //www.apnic.net/db/ % Whois data copyright terms http //www.apnic.net/db/dbcopyright.html inetnum 203.167.128.0 - 203.167.191.255 Origin CLEAR-NZ descr CLEAR Communications Ltd descr 24/7 CLEAR NOC phone +64 9 912-4990 country NZ Admin. Contact CCNO1-AP Tech. Contact CCNO1-AP Notify netobjs@clear.net.nz mnt-by APNIC-HM mnt-lower MAINT-CLIX-NZ changed hostmaster@apnic.net 20000814 changed hostmaster@apnic.net 20010710 status ALLOCATED PORTABLE source APNIC role CLEAR Communications Network Objects Maintainer address ISP Duty Officer, CLEAR Net Operations address CLEAR Communications Limited address Private Bag 92143 address Auckland country NZ phone +64 9 912-5024 fax-no +64 9 912-5008 netobjs@clear.net.nz Admin. Contact CCNO1-AP Tech. Contact CCNO1-AP NIC Handle CCNO1-AP remarks For network abuse contact abuse@clear.net.nz remarks For 24/7 after-hours NOC, please call +64 9 912-4990 Notify netobjs@clear.net.nz mnt-by MAINT-CLIX-NZ changed netobjs@clear.net.nz 20010821 source APNIC .Clueless |
Clueless (181) | ||
| 101633 | 2002-11-26 19:30:00 | And my source for this info? here (eamnesia.com) go to the "reverse IP lookup" link .Clueless |
Clueless (181) | ||
| 101634 | 2002-11-26 19:32:00 | And unless the Brazilian address keeps coming up, I really wouldn't be too worried. Whoa! 1 reply 5 posts! .Clueless |
Clueless (181) | ||
| 101635 | 2002-11-26 20:03:00 | When you installed the network card it looks as though a DHCP client was installed as well. This client is periodically trying to find a DHCP server, so it can give your Ethernet card an IP address. I suggest you assign a static IP address for your Ethernet card, say 192.168.0.1, under TCP/IP properties of network properties (and use a netmask of 255.255.255.0). This way you will avoid the fruitless search for a DHCP server. You'd think it wouldn't bother doing this when you aren't plugged into a network but it does :-) |
gibler (49) | ||
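
The triage the replies above arrive at (0.0.0.0:68 to 255.255.255.255:67 is the machine's own DHCP client; the one external hit is to UDP 137, NetBIOS name service) can be run over the whole log. This is an added example, not code from any poster; the function names and labels are assumptions, and the log lines are the ones quoted in the first post.

```python
import csv
import ipaddress
from collections import Counter

# Log lines copied from the first post (ZoneAlarm CSV layout:
# type,date,time,source,destination,transport).
SAMPLE_LOG = """\
type,date,time,source,destination,transport
FWIN,2002/11/27,01:56:22 +13:00 GMT,200.206.188.56:1048,203.167.180.25:137,UDP
FWIN,2002/11/27,02:05:28 +13:00 GMT,0.0.0.0:68,255.255.255.255:67,UDP
FWIN,2002/11/27,02:11:07 +13:00 GMT,0.0.0.0:68,255.255.255.255:67,UDP
FWIN,2002/11/27,03:11:36 +13:00 GMT,0.0.0.0:68,255.255.255.255:67,UDP
"""

def split_endpoint(endpoint):
    """Split 'a.b.c.d:port' into (IPv4Address, int); raises ValueError if malformed."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def classify(row):
    """Label one blocked-inbound (FWIN) record by what its addresses and ports imply."""
    _type, _date, _time, src, dst, proto = row
    src_ip, src_port = split_endpoint(src)
    dst_ip, dst_port = split_endpoint(dst)
    if proto == "UDP" and (src_port, dst_port) == (68, 67):
        # A DHCP client with no address yet sends from 0.0.0.0 to the broadcast address.
        if src_ip.is_unspecified and str(dst_ip) == "255.255.255.255":
            return "local-dhcp-discover"
        return "dhcp-client-traffic"
    if proto == "UDP" and dst_port == 137:
        # NetBIOS name service; only a publicly routable source is an outside probe.
        return "netbios-name-probe" if src_ip.is_global else "netbios-local"
    return "other"

def summarize(log_text):
    """Count (label, source IP) pairs across all FWIN lines in the log text."""
    counts = Counter()
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 6 or row[0] != "FWIN":
            continue  # header, blank line or another record type
        try:
            label = classify(row)
        except ValueError:
            label = "unparsable"
        counts[(label, row[3].rpartition(":")[0])] += 1
    return counts

if __name__ == "__main__":
    for (label, src), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {label:22s} {src}")
```
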