-
March 21st, 2003, 02:41 PM
#11
Member
it was my real ip address, but thanks anyway. mmm... comindico. i got no idea if my isp serves me off to comindico. i believe you that the ip is owned by them but i dont think we go through their proxy.
well i have scanned ports 1-10,000 and this is what ive found
Port Found On: 21
Port Found On: 23
Port Found On: 25
Port Found On: 53
Port Found On: 80
Port Found On: 110
Port Found On: 139
Port Found On: 1080
Port Found On: 1090
Port Found On: 5376
Port Found On: 5888
Port Found On: 6400
the legitimate ports on the proxy are:
80
21
23
1080
1090
i also have pop3 and smtp running whatever ports they are on, i don't exactly know.
i stopped at 10,000 because it is now about 12:15am and i actually have to get up in the morning and i cant have the internet on all night because my parents will go psycho!
any way thanks and seeyas!
-
March 21st, 2003, 02:58 PM
#12
Sounds like you need a good firewall.... (Might I suggest an old 486 running OpenBSD or FreeBSD or LOAF or LRP)
Cheers,
cgkanchi
-
March 21st, 2003, 04:16 PM
#13
Originally posted here by THEprophetMOSES
well i have scanned ports 1-10,000 and this is what ive found
Port Found On: 21
Port Found On: 23
Port Found On: 25
Port Found On: 53
Port Found On: 80
Port Found On: 110
Port Found On: 139
Port Found On: 1080
Port Found On: 1090
Port Found On: 5376
Port Found On: 5888
Port Found On: 6400
the legitimate ports on the proxy are:
80
21
23
1080
1090
i also have pop3 and smtp running whatever ports they are on, i don't exactly know.
SMTP runs on 25 and pop3 on 110. Now this is what I like to call a Christmas tree. All those open ports. You are an accident waiting to happen.
Originally posted here by cgkanchi
Sounds like you need a good firewall.... (Might I suggest an old 486 running OpenBSD or FreeBSD or LOAF or LRP)
I agree. Any kind of firewall would do. In short: close all those ports. This is probably the reason why they thought you were hacking them. Someone used you to hide their own traces.
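The comparison made in the posts above (scan results against the ports the owner actually expects to be open), as an added example that is not part of the original thread. The scan lines and port lists are copied from the posts; the service names for 53 and 139 and the function names are assumptions made for this sketch.

```python
import re

# Scan output exactly as posted in the thread.
SCAN_OUTPUT = """\
Port Found On: 21
Port Found On: 23
Port Found On: 25
Port Found On: 53
Port Found On: 80
Port Found On: 110
Port Found On: 139
Port Found On: 1080
Port Found On: 1090
Port Found On: 5376
Port Found On: 5888
Port Found On: 6400
"""

PROXY_PORTS = {80, 21, 23, 1080, 1090}   # listed as legitimate by the poster
MAIL_PORTS = {25: "smtp", 110: "pop3"}   # ports given in the reply
# Assumption (not from the thread): standard service names, for context only.
WELL_KNOWN = {53: "dns", 139: "netbios-ssn"}

LINE_RE = re.compile(r"^Port Found On:\s*(\d+)$")

def parse_scan(text):
    """Return the set of valid port numbers found in the scanner output."""
    ports = set()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and 1 <= int(m.group(1)) <= 65535:   # skip malformed lines
            ports.add(int(m.group(1)))
    return ports

def triage(open_ports):
    """Split open ports into expected, needs-review and unexplained."""
    expected = PROXY_PORTS | set(MAIL_PORTS)
    report = {"expected": [], "review": [], "unexplained": [], "missing": []}
    for port in sorted(open_ports):
        if port in expected:
            report["expected"].append(port)
        elif port in WELL_KNOWN:
            report["review"].append((port, WELL_KNOWN[port]))
        else:
            report["unexplained"].append(port)
    # Services the owner expects but the scan did not see listening.
    report["missing"] = sorted(expected - open_ports)
    return report

if __name__ == "__main__":
    for bucket, ports in triage(parse_scan(SCAN_OUTPUT)).items():
        print(f"{bucket}: {ports}")
```

The "unexplained" bucket is the place to start: each of those listeners should be traced to a process on the machine before anything is simply blocked at the firewall.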
-
March 21st, 2003, 04:40 PM
#14
Member
I agree. The person who contacted you is obviously not a person of authority. No one will "warn" you over a chat channel. This is a sys admin who stumbled across your ip while they were doing an audit. You can tell the person is not too experienced just by the fact they bragged they were Cisco Certified (like that was supposed to make you shake in your shoes). Most security minded people know that a badguy is usually smart enough to not launch an attack from his own ISP. You are just a compromised box being used (which is the case most of the time). If the FBI, or any law enforcement agency was going to do something, there would be no warning. If they actually suspected you of something criminal, they would keep silent, sit back and watch your every movement (spy) and then get a warrant and take your computer to a forensics lab. For this to happen, you would have to have done something pretty bad. The best thing for you to do is what the other people on this board recommended. Get a firewall. Also, log everything! I'm sure this person that contacted you has been poking around in your computer as well (you have port 139 open, and by guessing how secure free your computer is, they are going through the C$ share where you forgot to password protect.) If you were to catch her, this would be illegal on her part, and if you had proof, you could press charges! Sorry, just a long ramble, but some stuff to think about......
-
March 21st, 2003, 04:45 PM
#15
Junior Member
Do you recognise this name on this (IRC?) server? It is possible they met you on there, did a whois and have installed a backdoor or something. Scan For Viruses Here and get rid of the backdoor. Then get a good AV (avast is alright) and a firewall that works.
If you don't want to keep the proxy, install Sygate PF or Kerio PF.
-
March 21st, 2003, 05:20 PM
#16
Junior Member
i think it looks like one of these three scenarios:
1) this person thinks that you are that guy that was fukkin wid ur computer a while back (the comindico guy), possibly because he is using your computer as a kind of proxy attack point. this way you would take the fall for any of the comindico guy's actions. i've seen it done before. here in the states they passed a bill that would probably have a swat of feds on your arse, considering the sloppiness of this guys actions (seeing as how a mere ccnp figured 'you' out)
2) this person IS the guy that fukked wid your computer, and he/she is just being a cocknocker
3) this is just some retarded ****** wid no life who used some information he found with a tracert and a whois to scare ya. he may have thought your isp was comindico because that is the isp of the little gremlin who was in ur comp just the other day.
-
March 21st, 2003, 07:55 PM
#17
exodus820, I would have made it a little more formal, but I agree. Basically this person is being attacked and thinks you are the person doing it, or it's just someone screwing with you (whether it be the person who might be using your computer as a jump point for attacking other computers or just some random ICQ/IRC/Internet user).
I would highly suggest trying to tighten your security as much as possible, as stated all above. But I would be interested what your ISP might say after you contact them about it. Then again whenever I was out in Sydney Aussie back in the summer (your winter) of '99, I heard about the 400 some trojans roaming around the ISP networks and such, and how the admins were just being total airheads about everything. So you might not get all the help you need there. But then again if you don't get help there, and try all the above, you know you can always come here for a helping hand in figuring this out!
There is no right and wrong, only fun and boring...
Formatting my server because someone hacked into it sounds pretty boring to me...
That's why it's all about AntiOnline.com!
-
March 22nd, 2003, 01:21 AM
#18
Junior Member
There is absolutely no way that this person worked for your ISP. Nobody from your ISP would identify themselves as a CCNP, how stupid. Most likely they are the person you were having trouble with just having some fun with you. Ignore them.
-
March 22nd, 2003, 02:07 AM
#19
Actually, I wouldn't ignore what they did. As was suggested, contacting the ISP and the "parentals" are good options. The more others know, the more aware they will be. Plus it could indicate that someone is attempting to social engineer clients on the ISP, who'd be quite interested in hearing (or they should be at least) of a potential security threat.
-
March 22nd, 2003, 03:51 AM
#20
Member
cheers all im just about to write to my isp and let them know. i will also include a link to this thread so they can read it too. ive just installed "blackice IDS" and used "thecleaner" but it didnt find anything. and i think my proxy has built in firewall so i'll have to figure out how to close those ports. if anyones got any info on that for 602 pro lan suite lite can u put it here?