Results 1 to 6 of 6

Thread: Hacking attempts

  1. #1
    Junior Member
    Join Date
    Oct 2002

    Exclamation Hacking attempts

    I have a pc on network . i have ZoneAlarm Pro installed on one of the pc but the firewall continiusly tells me that someone is trying to hack into my pc. Well I went through the logs and out of 4 IP address that were recorded hacking into my pc 2 of them were on the network and after i shut down those pcs still this warnings kept on comming. I have windows 98SE with all the patches and use P2P programe like Kazaa.

    I have attached a log file but these line are the warning lines

    FWIN,2003/05/10,20:28:06 +5:30 GMT,,,TCP (flags:S)
    FWIN,2003/05/10,20:28:22 +5:30 GMT,,,UDP

    the above two lines are the warning lines. they keep on popping up once a minute with warning

    please help.

  2. #2
    Senior Member
    Join Date
    Jan 2002
    FWIN,2003/05/10,20:28:22 +5:30 GMT,,,UDP
    This is probably a legitimate DNS reply. You won't want to be blocking these, otherwise things won't work. I can't tell whether is your DNS server, but there's a good bet it is.

    FWIN,2003/05/10,20:28:06 +5:30 GMT,,,TCP (flags:S)
    Another machine on your LAN, trying to connect to 139/TCP. Could be just about anything, however it's probably harmless. Ask the user of what they were doing which was making their machine try to connect to yours - it's likely that there's a simple explanation.

    Maybe they were accessing a share on your computer, or sending a popup message. This is very common, for instance, if you printed, maybe the print server is sending you a message telling you the job is complete.

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Washington D.C. area
    This is probably a legitimate DNS reply. You won't want to be blocking these, otherwise things won't work. I can't tell whether is your DNS server, but there's a good bet it is.
    I ran NMAP against this server and it is a legit DNS server. I also used NSLOOKUP and specified it as the server to run queries against and it worked fine. As one final test, I ran the DIG command against the address. Looks like this is a verizon DNS server.

    As for your port 139 traffic, this is netbios traffic and as Slarty pointed out, it more than likely is normal. I say this because the request is coming from your internal network, not the outside world. You can grab a tool called TCPVIEW from www.sysinternals.com and you can throw it on the box making the request to see realtime requests going out.

    Hope this helps.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Senior Member
    Join Date
    Nov 2002

    That examples you show as are all OUTGOING connections, if someone is trying to access your computer through the LAN your firewall should show it to you as an INCOMING connection, do you have some examples of incoming attacks? Although someone could have installed a backdoor in your PC and so, maybe, this backdoor is trying to get to the internet to reach its owner, and then it is right that your firewall is showing it as an OUTGOING connection.



  5. #5
    Well, most of the time theres alot of different internet traffic.. Most of the time its accidential. 192.X 10.X are within your network, I wouldn't worry about them. Depending on what you do on the internet, the chances of you getting "hacked" are slim. Only when you see foreign ips, outside your network trying to connect should you worry. Most often your ISP will conduct scans on port 80, or other such ports.

  6. #6
    Senior Member
    Join Date
    May 2003
    also, if you have kazaa running and you are sharing files, it's going to constantly echo out those communication. use tcpview or fport to see what or who you're connecting to.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts