|
-
June 5th, 2003, 11:42 PM
#1
Senior Member
help! am i being hacked
Hi, I have a dsl connection with a linksys router with NAT, OS winxp pro, on the router I chose to close ports 137-139 (netbios). I haven't had any incidents with my connection going slow or loss of hd space that would indicate intrusion. I am not running any http, ftp or telnet services. But today I noticed my connection was extremely slow, I checked my router's incoming log and got this:
Source IP Destination Port Number
64.205.117.130 137
200.85.198.16 80
200.76.200.226 139
200.76.200.226 137
200.67.152.91 139
200.67.152.91 137
216.208.202.73 139
216.208.202.73 137
210.124.147.40 139
210.124.147.40 137
210.65.54.122 139
210.65.54.122 137
212.95.176.152 2437
209.208.227.155 139
209.208.227.155 137
192.0.0.38 139
200.67.211.174 445
192.0.0.35 139
200.67.211.174 139
200.84.237.77 139
200.84.237.77 137
200.39.228.231 139
200.39.228.231 137
24.27.208.25 139
24.27.208.25 137
212.95.176.152 2437
200.67.157.192 80
66.198.149.206 139
66.198.149.206 137
213.17.69.93 139
213.17.69.93 137
68.211.202.235 135
212.253.56.165 139
212.253.56.165 137
200.67.152.91 139
200.67.152.91 137
80.230.171.72 17300
210.64.49.171 445
200.95.21.134 137
200.29.135.41 137
200.212.131.136 80
155.239.159.71 137
200.157.149.133 139
200.157.149.133 137
218.233.118.48 139
218.233.118.48 137
200.150.22.232 80
218.79.142.137 139
218.79.142.137 137
Many IP's trying to access ports 137, 139, not sure if this means someone trying to access my computer through the netbios ports. I ran a whois got this:
Search results for: 200.84.237.77
OrgName: Latin American and Caribbean IP address Regional Registry
OrgID: LACNIC
Address: Potosi 1517
City: Montevideo
StateProv:
PostalCode: 11500
Country: UY
NetRange: 200.0.0.0 - 200.255.255.255
CIDR: 200.0.0.0/8
NetName: LACNIC-200
NetHandle: NET-200-0-0-0-1
Parent:
NetType: Allocated to LACNIC
NameServer: ARROWROOT.ARIN.NET
NameServer: BUCHU.ARIN.NET
NameServer: CHIA.ARIN.NET
NameServer: DILL.ARIN.NET
NameServer: NS.LACNIC.ORG
NameServer: NS.DNS.BR
NameServer: NS2.DNS.BR
Comment: This IP address range is under LACNIC responsibility for further
Comment: allocations to users in LACNIC region.
Comment: Please see http://www.lacnic.net/ for further details, or check the
Comment: WHOIS server located at whois.lacnic.net
RegDate: 2002-07-27
Updated: 2002-12-12
TechHandle: LACNIC-ARIN
TechName: LACNIC Hostmaster
TechPhone: (+55) 11 5509-3525
TechEmail: hostmaster@lacnic.net
OrgTechHandle: LACNIC-ARIN
OrgTechName: LACNIC Hostmaster
OrgTechPhone: (+55) 11 5509-3525
OrgTechEmail: hostmaster@lacnic.net
# ARIN WHOIS database, last updated 2003-06-04 21:05
# Enter ? for additional hints on searching ARIN's WHOIS database.
Most of the ip's to ports 137-139 were from this same source, should I report this to the phone or email from the whois, or what else should I do, is this an attack???????
I was stupid and never bothered to install a firewall...
I do have AV fully updated, I have scanned my system and no virus found.
Please help!!!!
(sorry for the fromatting of the log, it might be difficult to read)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote