
Thread: somebody really annoying me

  1. #1
    Member
    Join Date
    Jan 2008
    Posts
    30

    somebody really annoying me

    I wasn't sure where to post this, anyway for the past 3 days someone keeps trying to attack my computer, my Norton Internet Security keeps detecting them and as you can see from the log entry below they keep trying to connect to the same port. Does anyone know what this could be, spyware, botnet program? Also, I've been trying to teach him a lesson by getting into his computer, and I've tried the usual, netbios, telnet, ftp, to no avail. Can anybody suggest anything, or at least direct me to a good tutorial.

    Here's the log entry:
    24/01/2008 16:02:28,Intrusion detected and blocked. All communication with 62.68.76.210 will be blocked for 30 minutes.,Intrusion detected and blocked. All communication with 62.68.76.210 will be blocked for 30 minutes.
    24/01/2008 16:02:28,Intrusion: NMap Null Scan.,"Intrusion: NMap Null Scan. Intruder: 62.68.76.210(4865). Risk Level: Medium. Protocol: TCP. Attacked IP: SN049309320171(192.168.1.65). Attacked Port: 9472."
    4/01/2008 15:26:28,Intrusion: NMap Null Scan.,"Intrusion: NMap Null Scan. Intruder: 62.68.76.210(3112). Risk Level: Medium. Protocol: TCP. Attacked IP: SN049309320171(192.168.1.65). Attacked Port: 9472."
    24/01/2008 15:26:28,Intrusion detected and blocked. All communication with 62.68.76.210 will be blocked for 30 minutes.,Intrusion detected and blocked. All communication with 62.68.76.210 will be blocked for 30 minutes.
    24/01/2008 14:55:18,Intrusion detected and blocked. All communication with 62.68.76.210 will be blocked for 30 minutes.,Intrusion detected and blocked. All communication with 62.68.76.210 will be blocked for 30 minutes.
    24/01/2008 14:55:18,Intrusion: NMap Null Scan.,"Intrusion: NMap Null Scan. Intruder: 62.68.76.210(nsvt-stream(1570)). Risk Level: Medium. Protocol: TCP. Attacked IP: SN049309320171(192.168.1.65). Attacked Port: 9472."
    24/01/2008 14:19:16,Intrusion detected and blocked. All communication with 62.68.76.210 will be blocked for 30 minutes.,Intrusion detected and blocked. All communication with 62.68.76.210 will be blocked for 30 minutes.
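
Added example, not part of the original posts: a small Python parser for log lines in the layout posted in #1, grouping detections by source address and targeted port so the repetition and the spacing between events are visible. The sample lines are constructed in that layout (203.0.113.7 is a documentation address and HOST1 a placeholder host name), and `summarize` is a name chosen here.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same CSV layout as the log in post #1.
SAMPLE_LOG = '''\
24/01/2008 16:02:28,Intrusion detected and blocked. All communication with 203.0.113.7 will be blocked for 30 minutes.,Intrusion detected and blocked. All communication with 203.0.113.7 will be blocked for 30 minutes.
24/01/2008 16:02:28,Intrusion: NMap Null Scan.,"Intrusion: NMap Null Scan. Intruder: 203.0.113.7(4865). Risk Level: Medium. Protocol: TCP. Attacked IP: HOST1(192.168.1.65). Attacked Port: 9472."
24/01/2008 15:26:28,Intrusion: NMap Null Scan.,"Intrusion: NMap Null Scan. Intruder: 203.0.113.7(3112). Risk Level: Medium. Protocol: TCP. Attacked IP: HOST1(192.168.1.65). Attacked Port: 9472."
24/01/2008 14:55:18,Intrusion: NMap Null Scan.,"Intrusion: NMap Null Scan. Intruder: 203.0.113.7(nsvt-stream(1570)). Risk Level: Medium. Protocol: TCP. Attacked IP: HOST1(192.168.1.65). Attacked Port: 9472."
'''

# The source port is either "(4865)" or a service name wrapping it,
# "(nsvt-stream(1570))"; the lazy group captures both forms.
DETAIL = re.compile(
    r"Intrusion: (?P<sig>.+?)\. Intruder: (?P<src>[\d.]+)\((?P<sport>.+?)\)\. "
    r".*?Protocol: (?P<proto>\w+)\. Attacked IP: \S+?\((?P<dst>[\d.]+)\)\. "
    r"Attacked Port: (?P<dport>\d+)\."
)

def summarize(log_text):
    """Group detection rows by (source IP, attacked port)."""
    events = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        m = DETAIL.search(row[2]) if len(row) >= 3 else None
        if not m:  # "detected and blocked" rows carry no port detail
            continue
        try:
            when = datetime.strptime(row[0], "%d/%m/%Y %H:%M:%S")
        except ValueError:  # skip rows with a damaged timestamp
            continue
        sport = int(re.findall(r"\d+", m["sport"])[-1])
        events[(m["src"], int(m["dport"]))].append((when, sport, m["sig"]))
    report = {}
    for key, hits in events.items():
        hits.sort()
        times = [h[0] for h in hits]
        report[key] = {
            "count": len(hits),
            "source_ports": [h[1] for h in hits],
            "signatures": sorted({h[2] for h in hits}),
            # minutes between consecutive detections, oldest first
            "gap_minutes": [round((b - a).total_seconds() / 60)
                            for a, b in zip(times, times[1:])],
        }
    return report

if __name__ == "__main__":
    for key, info in summarize(SAMPLE_LOG).items():
        print(key, info)
```

Gaps slightly longer than the 30-minute block window point to a sender that keeps retrying on a schedule and is only seen again once the block expires.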

  2. #2
    Senior Member
    Join Date
    Nov 2007
    Location
    Phoenix, Arizona
    Posts
    102
    Well, looks like the IP range is from Amsterdam. If you go to Arin.net and search the IP it points you to Ripe.net, and if you search there it gives you this info:

    http://www.ripe.net/whois?form_type=..._search=Search

    Not sure you can do much about it other than just block them. There doesn't look to be an abuse address but there is another one on the page, probably the company/maybe ISP who has the block of IPs.

    Their address is below:
    http://www.com-tonet.com/

    I would recommend finding an email on the above site and emailing your logs there... aside from that, the only thing you can do is block any connection from their IP in Norton.

    have fun
    LOGIN: yes
    PASSWORD: I dont have one
    "Login Failed"

  3. #3
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    Seems like someone or something is probing your computer for open ports. From the log results, your firewall is working as it should which is good.

    "ive been trying to teach him a lesson by getting into his computer, and ive tried the usual, netbios, telnet, ftp, with no avail"
    Don't waste your time. God only knows who or what is triggering the scan on the other end. Even more important, who knows where the other end even is.

    I agree with Moxquito. Just block it and be done with it.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  4. #4
    Member
    Join Date
    Jan 2008
    Posts
    30
    Yeah, I noticed that the IP was from Amsterdam, but this could be a proxy, so you're probably right, I'll just have to ignore them.

  5. #5
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    Don't get me wrong though; I know it's aggravating to sit back and do nothing. I'm just trying to save you some frustration.

    I mean, imagine this:
    Some guy spoofs his laptop's MAC (using SMAC), then daisy-chains through various non-logging proxies (google "free proxies") from his car where he's leeching off of random unsecured hot spots (easily found with NetStumbler). Now even if you managed to somehow find the actual originating IP that tunneled through the proxies, you'd be going after the wrong (possibly unknowing) person whose router logs will yield nothing more than a fake MAC and some other trivial information. Still want to try and find this guy?

    And this is just one situation of many possible situations. Chalk it up to experience and be happy your firewall works the way it's supposed to.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    You're behind a NAT router.. There's no way someone from the Internet is then able to "attack" your computer unless you've opened up all your ports.

    So it's probably self-induced traffic which Norton thinks isn't proper and flags it as an attack..


    And it's not from Amsterdam.. I don't know how moxquito came to that conclusion but 62.68.76.210 originates in Greece. Last time I checked Amsterdam was still the capital of my country.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi there SirDice,

    I come up as Amsterdam sometimes

    I think that moxquito is using a search tool that is using outdated reference tables?

    I find this one is pretty good:

    http://www.dnsstuff.com/

    And it says that IP resolves to Greece as well

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Quote Originally Posted by nihil
    Hi there SirDice,
    I think that moxquito is using a search tool that is using outdated reference tables?
    The links mox posted show Greece as well
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  9. #9
    Senior Member
    Join Date
    Nov 2007
    Location
    Phoenix, Arizona
    Posts
    102
    OK so in my defense I got Amsterdam from Arin.net, which doesn't really make any sense either, so I'm not sure what I was thinking yesterday, and now that I look more closely at the RIPE page I see that the country is GR. So with that being said, after work tonight I'm going to go home and get drunk
    LOGIN: yes
    PASSWORD: I dont have one
    "Login Failed"

  10. #10
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    "don't know how moxquito came to that conclusion but 62.68.76.210 originates in Greece. Last time I checked Amsterdam was still the capital of my country"
    Last time I checked, there's no reason to be a pri-ck towards someone who's trying to be helpful.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton
