-
March 27th, 2002, 11:43 AM
#11
Junior Member
If you have ADSL (or similar), your ISP will constantly try to "see" your router (through whatever methods they use - ie, broadcasts, pings, etc), to check if it is alive, so that if it appears not to be there, they can give your IP address to someone else (obviously, only if you don't have a fixed IP). Just a thought.
Although, Subseven listens on 1243, so it might be worth checking your clients for infection. Why would someone be trying to connect to 1243 on a client machine, unless it already had S7 installed?
What broke in a man when he brought himself to kill another? - Alan Paton.
-
March 27th, 2002, 01:52 PM
#12
Senior Member
From what i can see iagree with the points above it appears to be a script kiddie tryin to attack you and see wether you have sub7 server installed on your machine. If i was you i would run a virus/trojan scanner on you drive to see if you have got a trojan.
Hope this helps
Damien
[pong][gloworange]665[/gloworange] Next door to the [glowpurple]devil[/glowpurple][/pong]
-
April 3rd, 2002, 04:30 PM
#13
http://www.arin.net/whois/arinwhois.html
go there and type the IP in....it should give you a phone number and contact info of the ip block.
-
April 3rd, 2002, 08:38 PM
#14
Originally posted here by Guus
Well, as long as your firewall is blocking the attempts, you're safe. What I would do is tracerouting the IP, and report it to it's ISP ( abuse@<isp> ) together with a copy of your logs. That should do the trick.
had a problem with tracerouting.........could not find the abuse@ from this ip
168.95.192.1
thx
i m gone,thx everyone for so much fun and good info.
cheers and good bye
-
April 4th, 2002, 04:22 PM
#15
Junior Member
Tracking attempted hacker
Here you go !!!
Chunghwa Telecom Co., Ltd. (NET-CHUNGTELECOM)
21, Hsin-Yi Road, Section 1
Taipei, Taiwan 100
R.O.C
TW
Netname: CHUNGTELECOM
Netblock: 168.95.0.0 - 168.95.255.255
Coordinator:
Wang, Nien-Tsu (NW17-ARIN) ntwang@MS1.HINET.NET
+886 2 3445858 ext. 3150 (FAX) 886-2-3955671
Domain System inverse mapping provided by:
HNTP1.HINET.NET 168.95.192.1
HNTP3.HINET.NET 168.95.192.2
DNS.HINET.NET 168.95.1.1
Record last updated on 09-Jun-1997.
Database last updated on 3-Apr-2002 19:59:39 EDT.
-
April 4th, 2002, 05:29 PM
#16
Junior Member
My small home network is hidden behind an RT314 firewall.
Do you have ICMP blocked? you have to configure ICMP on the router to
block incoming with a rule netgear excluded it in there last
rt314 firmware ( I had 4 netgear routers myself) the IP address
probing you likely belongs to a victim who was hacked and not
the attackers so reporting to abuse is a complete waste of your
time no Cracker will use there real Ip because he/she knows they will
get caught and traced right away unless the Intruder is a lamer
script kiddie who doesn't know better You can install my
netwatchman to automaticly forward probe and attack
reports from your router to the proper people www.mynetwatchman.com
another suggestion: when your not home or away you can disconnect
your pc from the Internet really reduces the risk.
-
April 4th, 2002, 06:22 PM
#17
Re: Tracking attempted hacker
Thx wayneh and chawleyx87d[i will try abuse maybe??it will help]otherwise no harm done by that ip adress.
thx guy s
i m gone,thx everyone for so much fun and good info.
cheers and good bye
-
April 9th, 2002, 10:12 AM
#18
Junior Member
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|