| Thread ID: 82537 | 2007-08-30 22:17:00 | Possible computer hijack attempts? | Renmoo (66) |
| Post ID | Timestamp | Content | User | ||
| 586460 | 2007-08-30 22:17:00 | Dear all. On several occasions, I found that a computer that goes by the Xtra dial-up address 219.88.118.239 connects to my laptop (and no, it does not belong to any of my computers at home). Most of the time, the connection state is Close_Wait. The possible intruder computer uses multiple 1xxx ports to connect to my laptop's TCP port 1025. Upon performing a Google search on the term "TCP Port 1025", I found out that it is a port commonly used by Microsoft's Remote Procedure Call (RPC) service. If my memory does not fail me, RPC has been used by the Blaster worm to exploit its victims' computers before. As a paranoid, I have now instructed AVG Antispyware and Spybot S&D to scan my laptop for malware. My question: Is there a real need to be panicked? Cheers :) |
Renmoo (66) | ||
| 586461 | 2007-08-31 00:09:00 | Hi. The dial-up address 219.88.118.239 is Telecom Internet Services Auckland. It's nothing to panic over.... |
Pancake (6359) | ||
| 586462 | 2007-08-31 03:23:00 | Hi Pancake. What did you mean by Telecom Internet Services Auckland? As in Telecom (Xtra) ISP? Below is a sample of what is revealed in command prompt when netstat -a command is inputted:
TCP mylaptopname:1025 210-54-121-170.dialup.xtra.co.nz:2750 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:1036 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:1039 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:1049 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:4886 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:4889 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:4892 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:4895 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:4898 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:4901 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:4908 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:4914 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:4937 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:4942 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:4948 CLOSE_WAIT
TCP mylaptopname:1025 219-88-118-239.dialup.xtra.co.nz:4958 CLOSE_WAIT
Looks like it includes ports 4xxx too. Cheers :) |
Renmoo (66) | ||
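A way to tally a listing like the one posted above, as an added example that is not part of the original thread: it parses `netstat -a` text, rejoins a state name the console wrapped (`CLOSE_WAI` / `T`), and groups connections to listening local ports by remote host. The sample input is constructed, and its LISTENING and UDP rows are assumptions the post does not show.

```python
from collections import defaultdict

# Constructed sample modelled on the listing in the post; the header,
# LISTENING and UDP rows are assumptions (the post does not show them).
SAMPLE = """\
Active Connections

  Proto  Local Address      Foreign Address                          State
  TCP    mylaptopname:135   mylaptopname:0                           LISTENING
  TCP    mylaptopname:1025  mylaptopname:0                           LISTENING
  TCP    mylaptopname:1025  210-54-121-170.dialup.xtra.co.nz:2750    CLOSE_WAI
T
  TCP    mylaptopname:1025  219-88-118-239.dialup.xtra.co.nz:1036    CLOSE_WAI
T
  TCP    mylaptopname:1025  219-88-118-239.dialup.xtra.co.nz:4886    CLOSE_WAIT
  UDP    mylaptopname:1026  *:*
"""

STATES = {"LISTENING", "ESTABLISHED", "CLOSE_WAIT", "TIME_WAIT", "SYN_SENT",
          "SYN_RECEIVED", "FIN_WAIT_1", "FIN_WAIT_2", "LAST_ACK", "CLOSING"}

def _split(endpoint):
    """Split 'host:port' on the last colon; port is None if not numeric."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def parse_netstat(text):
    """Return TCP rows as dicts; tolerant of wrapped or flattened output."""
    tokens, rows, i = text.split(), [], 0
    while i + 2 < len(tokens):
        if tokens[i] != "TCP":
            i += 1
            continue
        (_, lport), (rhost, rport) = _split(tokens[i + 1]), _split(tokens[i + 2])
        i += 3
        state = ""
        # Glue state fragments until a known state forms or the next row starts.
        while i < len(tokens) and tokens[i] not in ("TCP", "UDP") and state not in STATES:
            state += tokens[i]
            i += 1
        rows.append({"lport": lport, "rhost": rhost, "rport": rport, "state": state})
    return rows

def inbound_summary(rows):
    """Map (local listening port, remote host) -> {state: [remote ports]}."""
    listening = {r["lport"] for r in rows if r["state"] == "LISTENING"}
    out = defaultdict(lambda: defaultdict(list))
    for r in rows:
        if r["state"] != "LISTENING" and r["lport"] in listening:
            out[(r["lport"], r["rhost"])][r["state"]].append(r["rport"])
    return {key: dict(states) for key, states in out.items()}
```

CLOSE_WAIT means the remote end has closed its side and the local program has not yet closed the socket, so the summary shows which local service is holding those connections open.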
| 586463 | 2007-08-31 04:15:00 | I take it you are with or are part of the Telecom Internet; .xtra.co.nz is a part of it. They must be routed through the Telecom Internet network. | Pancake (6359) | ||
| 586464 | 2007-08-31 04:40:00 | Hi Pancake. Yes, I am with Xtra dial-up (I thought everyone knows about this? :p). Besides this, I am positive that the IP address does not belong to my laptop, but why the address routes through my ASUS is still a bewilderment... Cheers :) |
Renmoo (66) | ||
| 586465 | 2007-08-31 05:03:00 | I am no expert on that so I really can't answer that. Maybe someone else will. | Pancake (6359) | ||
| 586466 | 2007-08-31 05:48:00 | Thanks anyway, Pancake. :) | Renmoo (66) | ||
| 586467 | 2007-08-31 10:59:00 | The IP address has disappeared (for now?). Cheers :) |
Renmoo (66) | ||