am i hacked ??? / strange IP

am i hacked ??? / strange IP

Post by Christoph M. Lai » Fri, 23 Jul 1999 04:00:00



Hello,

in my firewall log i see, that the strange IP Addres 216.33.199.92
gets a FTP connection with my workstation !!!! ?
especialy when i boot my Workstations (Linux & NT's), they want to
connect to this strange IP.
Now, I just blocked the Strange IP in my firewall, but still got a bad
feeling....

Question:

Who's "strange IP"   is being stuffed with my data  ??
What are popular and easy to use analyzers for Linux to solve problems
like mine ?

wbr C. Laib

 
 
 

am i hacked ??? / strange IP

Post by Ralf Hildebran » Fri, 23 Jul 1999 04:00:00



Quote:>in my firewall log i see, that the strange IP Addres 216.33.199.92
>gets a FTP connection with my workstation !!!! ?
>especialy when i boot my Workstations (Linux & NT's), they want to
>connect to this strange IP.
>Now, I just blocked the Strange IP in my firewall, but still got a bad
>feeling....

% dig -x 216.33.199.92
;; AUTHORITY SECTION:
199.33.216.in-addr.arpa.  1D IN SOA  ns.exodus.net. hostmaster.exodus.net. (


Interesting ports on  (216.33.199.92):
Port    State       Protocol  Service
21      open        tcp       ftp
80      open        tcp       http
135     open        tcp       loc-srv
139     open        tcp       netbios-ssn
443     open        tcp       https
1031    open        tcp       iad2

Remote operating system guess: Windows NT4 / Win95 / Win98

You could also have a look at the HTTP/FTP server on that machine...

Cheers,
Ralf

--
Ralf Hildebrandt   http://www.stahl.bau.tu-bs.de/~hildeb   (0)531/391-3366
Institute for Steel-Structures, Technic. Univers. of Braunschweig, Germany
"Those who do not understand UNIX are condemned to reinvent it -- badly."
                                                          -- Henry Spencer

 
 
 

am i hacked ??? / strange IP

Post by David C Pral » Fri, 23 Jul 1999 04:00:00


No you installed something. I found this site
Non-authoritative answer:
Name:    ads.timesink.com
Addresses:  216.33.199.83, 149.1.1.15, 149.1.1.31, 149.1.1.35
          216.33.199.82, 216.33.199.80, 216.33.199.81

Which is pretty close to the address you have. I installed PKZIP for
Windows, which has that nice little adverti*t sitting on it. I'm not
sure exactly where it came from, but I'm pretty sure this is it.

--
David C Prall, MCSE MCNE                             DCP Technologies


http://www.veryComputer.com/



> >in my firewall log i see, that the strange IP Addres 216.33.199.92
> >gets a FTP connection with my workstation !!!! ?
> >especialy when i boot my Workstations (Linux & NT's), they want to
> >connect to this strange IP.
> >Now, I just blocked the Strange IP in my firewall, but still got a
bad
> >feeling....

> % dig -x 216.33.199.92
> ;; AUTHORITY SECTION:
> 199.33.216.in-addr.arpa.  1D IN SOA  ns.exodus.net.

hostmaster.exodus.net. (


> Interesting ports on  (216.33.199.92):
> Port    State       Protocol  Service
> 21      open        tcp       ftp
> 80      open        tcp       http
> 135     open        tcp       loc-srv
> 139     open        tcp       netbios-ssn
> 443     open        tcp       https
> 1031    open        tcp       iad2

> Remote operating system guess: Windows NT4 / Win95 / Win98

> You could also have a look at the HTTP/FTP server on that machine...

> Cheers,
> Ralf

> --
> Ralf Hildebrandt   http://www.veryComputer.com/~hildeb
(0)531/391-3366
> Institute for Steel-Structures, Technic. Univers. of Braunschweig,
Germany
> "Those who do not understand UNIX are condemned to reinvent it --
badly."
>                                                           -- Henry

Spencer
 
 
 

1. Upload IP address / Dynamic IP hack HELP!

To whomever can help,

        I run apache, and am stricken with an ISP that uses dynamic IP
addresses.  I want to upload the ip address I get but don't know how to
word it into the ip-up script.  I would like it to work in this manner:

1.  Get ip address, run ip-up

2.  ip - up uploads address from $4 from pppd.

3.  Web page in my home directory at my ISP reads my address, and uses
it for a link.

        Thanks again in advance,


2. Linux/Win2k network

3. Am I being hacked?

4. dual boot help

5. Grabbing/Stealing an X Session

6. How do I know if I am being hacked[violated]?

7. NETATALK for Linux?

8. I am hacked

9. Am I getting hacked?

10. Am I Hacked? What should I do next?

11. Am I being hacked by someone??

12. Am I being hacked?