Results 1 to 5 of 5

Thread: anyone connected my computer??

  1. #1

    anyone connected my computer??

    After I start my server, I run "netstat -an" and I got the following message(I didn't run any program except Internet connection(ADSL)):

    TCP 127.0.0.1:389 127.0.0.1:1046 ESTABLISHED
    TCP 127.0.0.1:389 127.0.0.1:1048 ESTABLISHED
    TCP 127.0.0.1:389 127.0.0.1:1049 ESTABLISHED
    TCP 127.0.0.1:389 127.0.0.1:1051 ESTABLISHED
    TCP 127.0.0.1:389 127.0.0.1:1072 ESTABLISHED
    TCP 127.0.0.1:389 127.0.0.1:1100 TIME_WAIT
    TCP 127.0.0.1:389 127.0.0.1:1101 TIME_WAIT
    TCP 127.0.0.1:1031 127.0.0.1:445 TIME_WAIT
    TCP 127.0.0.1:1046 127.0.0.1:389 ESTABLISHED
    TCP 127.0.0.1:1048 127.0.0.1:389 ESTABLISHED
    TCP 127.0.0.1:1049 127.0.0.1:389 ESTABLISHED
    TCP 127.0.0.1:1051 127.0.0.1:389 ESTABLISHED
    TCP 127.0.0.1:1063 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1072 127.0.0.1:389 ESTABLISHED
    TCP 156.**.***.213:139 0.0.0.0:0 LISTENING
    TCP 156.**.***.213:1124 **.145.112.211:53 TIME_WAIT
    TCP 156.**.***.213:1125 **.145.112.211:53 TIME_WAIT
    TCP 156.**.***.213:1126 **.145.112.211:53 TIME_WAIT
    TCP 156.**.***.213:1129 **.145.112.211:53 TIME_WAIT
    TCP 156.**.***.213:1130 **.145.112.211:53 TIME_WAIT
    TCP 156.**.***.213:1131 **.145.112.211:53 TIME_WAIT
    TCP 169.***.12.97:139 0.0.0.0:0 LISTENING
    TCP 169.***.12.97:389 169.***.12.97:1041 TIME_WAIT
    TCP 169.***.12.97:389 169.***.12.97:1042 TIME_WAIT
    TCP 169.***.12.97:389 169.***.12.97:1092 TIME_WAIT
    TCP 169.***.12.97:389 169.***.12.97:1093 TIME_WAIT
    TCP 169.***.104.89:139 0.0.0.0:0 LISTENING
    TCP 169.***.104.89:389 169.***.104.89:1039 TIME_WAIT
    TCP 169.***.104.89:389 169.***.104.89:1043 TIME_WAIT
    TCP 169.***.104.89:389 169.***.104.89:1053 ESTABLISHED
    TCP 169.***.104.89:389 169.***.104.89:1057 TIME_WAIT
    TCP 169.***.104.89:389 169.***.104.89:1060 TIME_WAIT
    TCP 169.***.104.89:389 169.***.104.89:1061 TIME_WAIT
    TCP 169.***.104.89:389 169.***.104.89:1062 TIME_WAIT
    TCP 169.***.104.89:389 169.***.104.89:1067 ESTABLISHED
    TCP 169.***.104.89:389 169.***.104.89:1083 ESTABLISHED
    TCP 169.***.104.89:389 169.***.104.89:1099 TIME_WAIT
    TCP 169.***.104.89:389 169.***.104.89:1118 TIME_WAIT
    TCP 169.***.104.89:389 169.***.104.89:1119 TIME_WAIT
    TCP 169.***.104.89:389 169.***.104.89:1120 TIME_WAIT
    TCP 169.***.104.89:389 169.***.104.89:1121 TIME_WAIT
    TCP 169.***.104.89:1026 169.***.104.89:1085 ESTABLISHED
    TCP 169.***.104.89:1030 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1032 169.***.104.89:1026 TIME_WAIT
    TCP 169.***.104.89:1036 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1037 169.***.104.89:1026 TIME_WAIT
    TCP 169.***.104.89:1053 169.***.104.89:389 ESTABLISHED
    TCP 169.***.104.89:1054 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1055 169.***.104.89:1026 TIME_WAIT
    TCP 169.***.104.89:1067 169.***.104.89:389 ESTABLISHED
    TCP 169.***.104.89:1083 169.***.104.89:389 ESTABLISHED
    TCP 169.***.104.89:1084 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1085 169.***.104.89:1026 ESTABLISHED
    TCP 169.***.104.89:1086 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1087 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1088 169.***.104.89:1026 TIME_WAIT
    TCP 169.***.104.89:1089 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1090 169.***.104.89:1026 TIME_WAIT
    TCP 169.***.104.89:1091 169.***.104.89:445 TIME_WAIT
    TCP 169.***.104.89:1094 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1095 169.***.104.89:1026 TIME_WAIT
    TCP 169.***.104.89:1097 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1098 169.***.104.89:1026 TIME_WAIT
    TCP 169.***.104.89:1102 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1103 169.***.104.89:1026 TIME_WAIT
    TCP 169.***.104.89:1105 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1106 169.***.104.89:1074 TIME_WAIT
    TCP 169.***.104.89:1107 169.***.104.89:1074 TIME_WAIT
    TCP 169.***.104.89:1108 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1109 169.***.104.89:1074 TIME_WAIT
    TCP 169.***.104.89:1110 169.***.104.89:1074 TIME_WAIT
    TCP 169.***.104.89:1111 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1112 169.***.104.89:1074 TIME_WAIT
    TCP 169.***.104.89:1113 169.***.104.89:1074 TIME_WAIT
    TCP 169.***.104.89:1116 169.***.104.89:135 TIME_WAIT
    TCP 169.***.104.89:1117 169.***.104.89:1065 TIME_WAIT

    Does that show me some one waiting for me? Am I safe? anyone please give me some idea what happened to my server? I running a Windows 2000 advance server. what should I do if I want to close a port?

    welcome any comments. thanks
    I\'d found my best love, but I didn\'t treasure her. I felt regretful after that. It\'s the ultimate pain in the world. If God can give me a chance, I will tell her three word: \"I love you\". If God wanna give me a time limit, I\'ll say this love will last 10 thousand years!

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Have you got an anti-virus or Trojan scanner on your server? If not you might want to get one, this does look suspicious.


    Cheers:
    DjM

  3. #3
    you seem to have an awful lot of connections to '169.***.104.89' on all types of ports.
    I suggest that you make sure that the ports, Sub7 Server port: TCP 27374 (default). BO2K port: TCP 54320 (default). And NetBus port: TCP 12345 (default). Are monitored to avoid being hacked by any of the following Trojan Horses. Also I suggest you get a good firewall such as Sygate Personal Firewall

    -HellsAngel

  4. #4
    Senior Member
    Join Date
    Nov 2002
    Posts
    139
    that does look very suspicious you can go here and get a good Trojan detecting program , i use it and it has detected trojans before on my machine in the past as well as double extensions and etc.... http://www.mischel.dhs.org/trojanhunter.jsp
    Mischel Internet Security - TrojanHunter: Finds and removes trojans .... hope this helps

  5. #5
    get these as soon as possible:

    antivirus(notrton is a good one)
    firewall(macafee or zonealarm)
    zombie zapper

    you might have turned into a zombie !!!

    http://razor.bindview.com/tools/ZombieZapper_form.shtml

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •