by Christoph M. Lai » Fri, 23 Jul 1999 04:00:00
Hello,
in my firewall log i see, that the strange IP Addres 216.33.199.92
gets a FTP connection with my workstation !!!! ?
especialy when i boot my Workstations (Linux & NT's), they want to
connect to this strange IP.
Now, I just blocked the Strange IP in my firewall, but still got a bad
feeling....
Question:
Who's "strange IP" is being stuffed with my data ??
What are popular and easy to use analyzers for Linux to solve problems
like mine ?
wbr C. Laib
by Ralf Hildebran » Fri, 23 Jul 1999 04:00:00
% dig -x 216.33.199.92Quote:>in my firewall log i see, that the strange IP Addres 216.33.199.92
>gets a FTP connection with my workstation !!!! ?
>especialy when i boot my Workstations (Linux & NT's), they want to
>connect to this strange IP.
>Now, I just blocked the Strange IP in my firewall, but still got a bad
>feeling....
Interesting ports on (216.33.199.92):
Port State Protocol Service
21 open tcp ftp
80 open tcp http
135 open tcp loc-srv
139 open tcp netbios-ssn
443 open tcp https
1031 open tcp iad2
Remote operating system guess: Windows NT4 / Win95 / Win98
You could also have a look at the HTTP/FTP server on that machine...
Cheers,
Ralf
--
Ralf Hildebrandt http://www.stahl.bau.tu-bs.de/~hildeb (0)531/391-3366
Institute for Steel-Structures, Technic. Univers. of Braunschweig, Germany
"Those who do not understand UNIX are condemned to reinvent it -- badly."
-- Henry Spencer
by David C Pral » Fri, 23 Jul 1999 04:00:00
Which is pretty close to the address you have. I installed PKZIP for
Windows, which has that nice little adverti*t sitting on it. I'm not
sure exactly where it came from, but I'm pretty sure this is it.
--
David C Prall, MCSE MCNE DCP Technologies
http://www.veryComputer.com/
> >in my firewall log i see, that the strange IP Addres 216.33.199.92
> >gets a FTP connection with my workstation !!!! ?
> >especialy when i boot my Workstations (Linux & NT's), they want to
> >connect to this strange IP.
> >Now, I just blocked the Strange IP in my firewall, but still got a
bad
> >feeling....
> % dig -x 216.33.199.92
> ;; AUTHORITY SECTION:
> 199.33.216.in-addr.arpa. 1D IN SOA ns.exodus.net.
> Interesting ports on (216.33.199.92):
> Port State Protocol Service
> 21 open tcp ftp
> 80 open tcp http
> 135 open tcp loc-srv
> 139 open tcp netbios-ssn
> 443 open tcp https
> 1031 open tcp iad2
> Remote operating system guess: Windows NT4 / Win95 / Win98
> You could also have a look at the HTTP/FTP server on that machine...
> Cheers,
> Ralf
> --
> Ralf Hildebrandt http://www.veryComputer.com/~hildeb
(0)531/391-3366
> Institute for Steel-Structures, Technic. Univers. of Braunschweig,
Germany
> "Those who do not understand UNIX are condemned to reinvent it --
badly."
> -- Henry
1. Upload IP address / Dynamic IP hack HELP!
To whomever can help,
I run apache, and am stricken with an ISP that uses dynamic IP
addresses. I want to upload the ip address I get but don't know how to
word it into the ip-up script. I would like it to work in this manner:
1. Get ip address, run ip-up
2. ip - up uploads address from $4 from pppd.
3. Web page in my home directory at my ISP reads my address, and uses
it for a link.
Thanks again in advance,
5. Grabbing/Stealing an X Session
6. How do I know if I am being hacked[violated]?
8. I am hacked
10. Am I Hacked? What should I do next?
11. Am I being hacked by someone??