Urgent Help Required. Please Help.

  1. #1
    Junior Member
    Join Date
    Oct 2002
    Posts
    16

    Hi,
    I use Norton Internet Security suite professional version 2004. Today is the first time my IDS is showing me that a computer with IP 211.18.165.69 (details in the attached file). Although I have blocked the computer's IP, still the number of times it has attacked me has gone up to 1726 times. In the attached file I have included DNS and other important information. I am new to security, please help me in what should be my next step. I feel it's a scan, mostly an Nmap, because the connection on certain service ports were scanned with a SYN stealth scan signature, but I am not sure at all; like I said, I am new to this field and my knowledge is near to nil.


    This is an update that the total number of attempts has increased to 1790. I have also included information from the last post. Please reply as soon as possible.

  2. #2
    If it's stopping the attack, why the worry? Just keep the software updated, you should be fine!

  3. #3
    Junior Member
    Join Date
    Oct 2002
    Posts
    16
    Yes, I agree with that, but I would certainly like to know more about the attack. I request you to please help me by looking at the log. The host seems down now to me.

  4. #4
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Man you got 4 threads about thinking you're being hacked. You're too paranoid...if the firewall is stopping it, leave it at that...no need to worry. They're not even attacks aimed directly at you...probably just simple scans over the network.

  5. #5
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    My boxes at the university get hit all the time by scans, if I looked into everyone I would have time for nothing else. I’d say unless it’s a local LAN attack don’t worry too much about it.

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    You say you're being attacked but all I see is a whois of a dial-up account in Japan. This doesn't say anything. Do a 'find "211.18.165.69 " YourFireWallLog >ao.txt' and post the ao.txt.

    The first issue is "what are they doing?" Then find out who they are. If it turns out to be something with malicious intent you have the abuse address in your whois. Keep in mind scanning is not against the law.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  7. #7
    Junior Member
    Join Date
    Oct 2002
    Posts
    16
    Thank you to all of you for replying. I checked my Windows Internet Connection Firewall log and there is no sign of any entry for the IP 211.18.165.69, although my Norton firewall shows the same IP with an attempt of a XMAS_NULL scan.
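
Added example, not part of any poster's reply: a sketch of the log check suggested in post #6, matching the source address as an exact field (so 211.18.165.6 is not counted) and naming the probe type from the TCP flags. It assumes the Windows firewall `pfirewall.log` column layout; the sample lines are constructed, and the flag letters are an assumption about how the log prints them.

```python
from collections import Counter

# Constructed sample in the Windows firewall log (pfirewall.log) layout.
# Destination addresses are documentation ranges; the flag letters
# (S, F, P, U, "-" for none) are an assumption about how the log prints them.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2004-09-14 10:01:02 DROP TCP 211.18.165.69 192.0.2.10 40112 21 40 S 1203 0 1024 - - -
2004-09-14 10:01:02 DROP TCP 211.18.165.69 192.0.2.10 40112 23 40 S 1204 0 1024 - - -
2004-09-14 10:01:03 DROP TCP 211.18.165.69 192.0.2.10 40113 80 40 FPU 1205 0 1024 - - -
2004-09-14 10:01:04 DROP TCP 211.18.165.69 192.0.2.10 40114 139 40 - 1206 0 1024 - - -
2004-09-14 10:01:05 DROP TCP 211.18.165.6 192.0.2.10 40200 80 40 S 77 0 8192 - - -
2004-09-14 10:01:06 OPEN TCP 192.0.2.10 198.51.100.7 1044 80 - - - - - - - -
"""

def classify(flags):
    """Name the probe type from the tcpflags column."""
    seen = set(flags.replace("-", ""))
    if not seen:
        return "NULL"   # no flags set at all
    if seen == {"S"}:
        return "SYN"    # half-open ("stealth") connection attempt
    if seen == {"F", "P", "U"}:
        return "XMAS"   # FIN + PSH + URG
    return "other"

def summarize(log_text, src_ip):
    """Count entries from src_ip, the ports touched and the probe types."""
    fields, ports, kinds, hits = [], set(), Counter(), 0
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names come from the log header
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("src-ip") != src_ip:  # exact match, not a substring search
            continue
        hits += 1
        if row.get("dst-port", "-").isdigit():
            ports.add(int(row["dst-port"]))
        if row.get("protocol") == "TCP":
            kinds[classify(row.get("tcpflags", "-"))] += 1
    return {"hits": hits, "ports": sorted(ports), "kinds": dict(kinds)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "211.18.165.69"))
```
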

  8. #8
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Yeh Cybr1d, you did bring up a good point. You got a few threads about virtually the same paranoia around your firewall. You need to have a little more trust, my friend?
    Space For Rent.. =]

  9. #9
    Banned
    Join Date
    Mar 2004
    Posts
    4
    HI FRIEND, I READ YOUR MESSAGE ABOUT SOMEONE PORTSCANNING YOUR SYSTEM. THE TOOL IS NMAP. AS A HACKER MYSELF, I AM FEARING THAT THE IP ADDRESS YOU MENTIONED MAY OR MAY NOT BE RIGHT AS NMAP SUPPORTS IP SCANS WITH BOGUS SCANS TO HIDE REAL ONES. DO NOT WORRY, I HAVE THE PERFECT REMEDY FOR THAT DISEASE THAT YOU CAN'T STOP PEOPLE PORTSCANNING YOUR SYSTEM. THE FIREWALL WHICH YOU ARE USING IS GOOD BUT USE ZONEALARM FROM WWW.ZONELABS.COM OR USE NETWORKICE DEFENDER FROM BLACKNETWORK.COM OR ICF. I DON'T KNOW WHETHER YOU ARE RUNNING WIN 98 OR 2000. IF YOU ARE RUNNING WIN XP (HE) THEN YOU GET A FREE FIREWALL. OR USE SOME GOOD IDS LIKE SNORT WWW.SNORT.ORG, REALSECURE FROM ISS.NET ETC. KEEP A CLOSE EYE. IF YOU COULD GUIDE ME BY MAILING YOUR ENTIRE PROBLEM TO ME THEN I WILL SURELY HELP YOU WANT. EVEN FIREWALLS CAN BE BROKEN INTO USING MY SPECIAL TECHNIQUES. IF YOU HAVEN'T CONFIGURED YOUR FIREWALL WELL THEN YOU ARE TOAST. USE GOOD BIOS PASSWORDS AND PLEASE VISIT THIS SITE TO SEE WHETHER YOU HAVE CONFIGURED YOUR FIREWALL WELL OR NOT: WWW.IANA.ORG/ASSIGNMENTS/PORT-NUMBERS. THERE ARE PORT NUMBERS FROM 0 TO 65535 OF THEM. HOW MANY HAVE YOU BLOCKED? CONTACT ME AT: ATTACKER4202000@YAHOO.CO.IN. I WILL BE WAITING TO HELP YOU BECAUSE I AM A WHITE HAT HACKER AND NOT A BLACK HAT CRACKER.

  10. #10
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Umm.. Darkhand, might want to consider not posting entirely in caps and putting in some paragraphs. Does make it easier to read what advice, if any, you are giving.

    THE TOOL IS NMAP.
    There's no guarantee that it is nmap. We can assume it's nmap because the user said the packets were "SYN Stealth" but then again it could be a homemade tool or another tool.

    Your firewall advice is ok but keep this in mind, given that his existing product detected it and blocked it, why would he get another product?

    I'd also suggest to parth_scores to NOT contact this user. Help is better given in the open. Right now I'd be very paranoid as to what darkhand intends to do with any information you provide him/her (particularly from email headers).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage