-
November 28th, 2002, 12:00 AM
#1
Member
anyone connected my computer??
After I start my server, I run "netstat -an" and I got the following message(I didn't run any program except Internet connection(ADSL)):
TCP 127.0.0.1:389 127.0.0.1:1046 ESTABLISHED
TCP 127.0.0.1:389 127.0.0.1:1048 ESTABLISHED
TCP 127.0.0.1:389 127.0.0.1:1049 ESTABLISHED
TCP 127.0.0.1:389 127.0.0.1:1051 ESTABLISHED
TCP 127.0.0.1:389 127.0.0.1:1072 ESTABLISHED
TCP 127.0.0.1:389 127.0.0.1:1100 TIME_WAIT
TCP 127.0.0.1:389 127.0.0.1:1101 TIME_WAIT
TCP 127.0.0.1:1031 127.0.0.1:445 TIME_WAIT
TCP 127.0.0.1:1046 127.0.0.1:389 ESTABLISHED
TCP 127.0.0.1:1048 127.0.0.1:389 ESTABLISHED
TCP 127.0.0.1:1049 127.0.0.1:389 ESTABLISHED
TCP 127.0.0.1:1051 127.0.0.1:389 ESTABLISHED
TCP 127.0.0.1:1063 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1072 127.0.0.1:389 ESTABLISHED
TCP 156.**.***.213:139 0.0.0.0:0 LISTENING
TCP 156.**.***.213:1124 **.145.112.211:53 TIME_WAIT
TCP 156.**.***.213:1125 **.145.112.211:53 TIME_WAIT
TCP 156.**.***.213:1126 **.145.112.211:53 TIME_WAIT
TCP 156.**.***.213:1129 **.145.112.211:53 TIME_WAIT
TCP 156.**.***.213:1130 **.145.112.211:53 TIME_WAIT
TCP 156.**.***.213:1131 **.145.112.211:53 TIME_WAIT
TCP 169.***.12.97:139 0.0.0.0:0 LISTENING
TCP 169.***.12.97:389 169.***.12.97:1041 TIME_WAIT
TCP 169.***.12.97:389 169.***.12.97:1042 TIME_WAIT
TCP 169.***.12.97:389 169.***.12.97:1092 TIME_WAIT
TCP 169.***.12.97:389 169.***.12.97:1093 TIME_WAIT
TCP 169.***.104.89:139 0.0.0.0:0 LISTENING
TCP 169.***.104.89:389 169.***.104.89:1039 TIME_WAIT
TCP 169.***.104.89:389 169.***.104.89:1043 TIME_WAIT
TCP 169.***.104.89:389 169.***.104.89:1053 ESTABLISHED
TCP 169.***.104.89:389 169.***.104.89:1057 TIME_WAIT
TCP 169.***.104.89:389 169.***.104.89:1060 TIME_WAIT
TCP 169.***.104.89:389 169.***.104.89:1061 TIME_WAIT
TCP 169.***.104.89:389 169.***.104.89:1062 TIME_WAIT
TCP 169.***.104.89:389 169.***.104.89:1067 ESTABLISHED
TCP 169.***.104.89:389 169.***.104.89:1083 ESTABLISHED
TCP 169.***.104.89:389 169.***.104.89:1099 TIME_WAIT
TCP 169.***.104.89:389 169.***.104.89:1118 TIME_WAIT
TCP 169.***.104.89:389 169.***.104.89:1119 TIME_WAIT
TCP 169.***.104.89:389 169.***.104.89:1120 TIME_WAIT
TCP 169.***.104.89:389 169.***.104.89:1121 TIME_WAIT
TCP 169.***.104.89:1026 169.***.104.89:1085 ESTABLISHED
TCP 169.***.104.89:1030 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1032 169.***.104.89:1026 TIME_WAIT
TCP 169.***.104.89:1036 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1037 169.***.104.89:1026 TIME_WAIT
TCP 169.***.104.89:1053 169.***.104.89:389 ESTABLISHED
TCP 169.***.104.89:1054 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1055 169.***.104.89:1026 TIME_WAIT
TCP 169.***.104.89:1067 169.***.104.89:389 ESTABLISHED
TCP 169.***.104.89:1083 169.***.104.89:389 ESTABLISHED
TCP 169.***.104.89:1084 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1085 169.***.104.89:1026 ESTABLISHED
TCP 169.***.104.89:1086 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1087 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1088 169.***.104.89:1026 TIME_WAIT
TCP 169.***.104.89:1089 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1090 169.***.104.89:1026 TIME_WAIT
TCP 169.***.104.89:1091 169.***.104.89:445 TIME_WAIT
TCP 169.***.104.89:1094 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1095 169.***.104.89:1026 TIME_WAIT
TCP 169.***.104.89:1097 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1098 169.***.104.89:1026 TIME_WAIT
TCP 169.***.104.89:1102 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1103 169.***.104.89:1026 TIME_WAIT
TCP 169.***.104.89:1105 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1106 169.***.104.89:1074 TIME_WAIT
TCP 169.***.104.89:1107 169.***.104.89:1074 TIME_WAIT
TCP 169.***.104.89:1108 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1109 169.***.104.89:1074 TIME_WAIT
TCP 169.***.104.89:1110 169.***.104.89:1074 TIME_WAIT
TCP 169.***.104.89:1111 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1112 169.***.104.89:1074 TIME_WAIT
TCP 169.***.104.89:1113 169.***.104.89:1074 TIME_WAIT
TCP 169.***.104.89:1116 169.***.104.89:135 TIME_WAIT
TCP 169.***.104.89:1117 169.***.104.89:1065 TIME_WAIT
Does that show me some one waiting for me? Am I safe? anyone please give me some idea what happened to my server? I running a Windows 2000 advance server. what should I do if I want to close a port?
welcome any comments. thanks
I\'d found my best love, but I didn\'t treasure her. I felt regretful after that. It\'s the ultimate pain in the world. If God can give me a chance, I will tell her three word: \"I love you\". If God wanna give me a time limit, I\'ll say this love will last 10 thousand years!
-
November 28th, 2002, 12:05 AM
#2
Have you got an anti-virus or Trojan scanner on your server? If not you might want to get one, this does look suspicious.
Cheers:
-
December 1st, 2002, 03:01 PM
#3
you seem to have an awful lot of connections to '169.***.104.89' on all types of ports.
I suggest that you make sure that the ports, Sub7 Server port: TCP 27374 (default). BO2K port: TCP 54320 (default). And NetBus port: TCP 12345 (default). Are monitored to avoid being hacked by any of the following Trojan Horses. Also I suggest you get a good firewall such as Sygate Personal Firewall
-HellsAngel
-
December 1st, 2002, 03:08 PM
#4
that does look very suspicious you can go here and get a good Trojan detecting program , i use it and it has detected trojans before on my machine in the past as well as double extensions and etc.... http://www.mischel.dhs.org/trojanhunter.jsp
Mischel Internet Security - TrojanHunter: Finds and removes trojans .... hope this helps
-
December 1st, 2002, 03:18 PM
#5
get these as soon as possible:
antivirus(notrton is a good one)
firewall(macafee or zonealarm)
zombie zapper
you might have turned into a zombie !!!
http://razor.bindview.com/tools/ZombieZapper_form.shtml
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|