my port-listener told me:
my.host.ip:139 --- intruders.host.ip:number close_wait
my.host.ip:139 --- intruders.host.ip:number2 close_wait
Does that mean, that I had really an open connection to my
Okay, let me say: I talk about my personal computer with
ppp-protocol and analog-modem-connection.
It was NO winnuke-try.
Was it simply a telnet-try on port 139 of my pc ?
I beleave, that it was "smbmount" !
close_wait tells me, that there was an hard interrupt.
The connection was to slowly to that analog-modem-connmection,
But the questions is:
had he stolen any files of my PC ?
I am very angry.
I do NOT file-sharing, and no printer-share.
CAN an intruder have access to my harddisk c: of the pc ?
UDP nbname *.*
UDP nbfatagram *.*
So, that means I can haev MYSELF access to a winnt-server or
wfw-server, to their shares, write ?
Can anybody help me ?
I do not want to find my personal letters on the wire.
I beleave, someone has TRIED to check shares of my pc, if there
would any exists - not more.
But a try is a try - it is NOT correct !
The remote computer which wants to connect to my pc on the
port 139 was a Linux-Host. I checked it, because I was online.
It was NOT another win95-pc or winnt-pc. So the intruder must
had smbmount.c, write ? Is there a possibility to found
traces on that linux-pc, if I would contact to the postmaster
of that system ?
Of course, smbmount MUST install ROOT, and I beleave root at
itself did that hack.
Any chance for me ?
thank you in advance for your help,