 What does this mean?

ParaNoid
** REMEMBERED **


Joined: 12 Sep 2006
Posts: 5123
Location: Looking for Steward.


Posted: Sun Nov 18, 2007 12:58 am

My AV software just put this up on my screen a bit earlier today. (I was NOT on eater, but I was on Yahoo and gmail.)

An intrusion attempt by 61.178.176.152 was blocked 11/17/07 4:43pm

I looked the IP up and found this.

whois wrote:

inetnum: 61.178.176.0 - 61.178.176.255
netname: ZY-AREA-NET-CLUB
country: CN
descr: Gansu,Zhangye area net club
admin-c: YZ37-AP
tech-c: YZ37-AP
changed: [email protected] 20040519
mnt-by: MAINT-CHINANET-GS
status: ASSIGNED NON-PORTABLE
source: APNIC

person: Yang Zhanrong
address: No.405 Pingliang Road
address: Lanzhou,Gansu
address: 730000,P.R.China
country: CN
phone: +86-931-8789183
fax-no: +86-931-8788139
e-mail: [email protected]
nic-hdl: YZ37-AP
mnt-by: MAINT-CHINANET-GS
changed: [email protected] 20020206
source: APNIC


Is there any way to report this attempted attack on my computer? Is this the type of thing that creates a botnet and therefore DDoS attack?

Now I am really ParaNoid.


Second attack just moments ago, data: An intrusion attempt by 220.189.238.42 was blocked 11/17/07 5:57pm

whois wrote:

inetnum: 220.189.238.40 - 220.189.238.43
netname: CHANGXING-MIDDLE-SCHOOL
country: CN
descr: Changxing Middle School
descr:
admin-c: GL581-AP
tech-c: CH119-AP
status: ASSIGNED NON-PORTABLE
changed: [email protected] 20051104
mnt-by: MAINT-CN-CHINANET-ZJ-HU
source: APNIC

role: CHINANET-ZJ Huzhou
address: No.18 Hongqi Road,Huzhou,Zhejiang.313000
country: CN
phone: +86-572-2022163
fax-no: +86-572-2210609
e-mail: [email protected]
trouble: send spam reports to [email protected]
trouble: and abuse reports to [email protected]
trouble: Please include detailed information and times in UTC
admin-c: CH50-AP
tech-c: CH50-AP
nic-hdl: CH119-AP
mnt-by: MAINT-CHINANET-ZJ
changed: [email protected] 20031204
source: APNIC

person: Guobin Lu
nic-hdl: GL581-AP
e-mail: [email protected]
address: No.208,Jinlin Road(north),Changxing,Huzhou,Zhejiang.
Postcode:313100
phone: +86-572-6227690
country: CN
changed: [email protected] 20051104
mnt-by: MAINT-CN-CHINANET-ZJ-HU
source: APNIC



EDITED to add times and second attack data

Last edited by ParaNoid on Sun Nov 18, 2007 1:16 am; edited 1 time in total
Scam Patroller
Baiting Guru


Joined: 08 Jul 2004
Posts: 11852
Location: UK


Posted: Sun Nov 18, 2007 1:06 am

It does have a connection with the storm, that IP is listed as an attacking host, see here:

http://www.sectegrity.com/alerts/isc.shtml

http://www.mittineague.com/dev/dids.php

Other for the same IP:

http://www.google.com/search?hl=en&client=opera&rls=en&hs=CrD&q=61.178.176.152&btnG=Search

ParaNoid
** REMEMBERED **


Joined: 12 Sep 2006
Posts: 5123
Location: Looking for Steward.


Posted: Sun Nov 18, 2007 4:09 am

Thank you SP.

General question: Do "they" use random number generators to troll for vulnerable IPs? Much like they hit email accounts and are able to use the account name in an email. (I always assumed the email addresses were hand harvested.)

I always say that Eater is educational.

Stoker Thompson
419Eater is my life


Joined: 11 Apr 2007
Posts: 271
Location: Out There.


Posted: Sun Nov 18, 2007 4:42 am

Hi ParaNoid

Is your computer connected directly to the internet modem? This would be the cable modem box or the DSL modem. If so, power off the modem for a minute and then power it back on. This will change your IP slightly.

Chances are someone is just scanning a block of addresses. That's fairly common. I would recommend getting a router if you don't already have one. I am assuming that you are running current AV software, a good firewall, and some anti-spyware software.

I'd recommend getting a Mac or setting up an old laptop with Linux for browsing & baiting if you are worried about security.
Don
Baiting Guru


Joined: 25 May 2004
Posts: 3045
Location: Italy, 87.2.222.132


Posted: Sun Nov 18, 2007 6:59 am

ParaNoid wrote:
Do "they" use random number generators to troll for vulnerable IPs?


Well, yes. Basically port scans are part of the everyday white noise of the internet. Nothing special and nothing terribly worrying, provided your PC is patched and secured by a firewall. Let's just say that marking such scans as "intrusion attempts" is a bit of PR from the firewall makers themselves. You have to say "good puppy" every now and then to keep it happy.

A good firewall will not respond to such attempts and play dead. You can test here whether your firewall is worth its dogfood and doesn't bark.

Reaper
Hello I'm New here!


Joined: 06 May 2007
Posts: 0
Location: Travelling in a fried-out combie. On a hippie trail, head full of zombie...


Posted: Sun Nov 18, 2007 7:14 am

Quote:
Your system has achieved a perfect "TruStealth" rating. Not a single packet solicited or otherwise was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.


Cool Now everyone go test your firewall and post your results like we always do when we find something like this!

Pastor Frank
Moderator


Joined: 31 Jan 2007
Posts: 11433
Location: Illuminati HQ


Posted: Sun Nov 18, 2007 7:19 am

Don wrote:
Let's just say that marking such scans as "intrusion attempts" is a bit of PR from the firewall makers themselves. You have to say "good puppy" every now and then to keep it happy.


Amen! Thus reminding you that the damn thing is protecting you from someone stealing your wife and first born, and reminding you to renew your subscription when it expires.

wingman
Master Baiter


Joined: 31 Oct 2007
Posts: 156
Location: State of Confusion, USA


Posted: Sun Nov 18, 2007 2:18 pm

All my ports were stealth, but:

Ping Reply: RECEIVED (FAILED) Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

I don't know how to correct this. Or if I even need to.

SlapHappy
Baiting Guru


Joined: 15 May 2006
Posts: 9612
Location: Floating up and down with happiness.


Posted: Mon Nov 19, 2007 5:23 pm

^^wingman,

What firewall are you using? and are you using a router, too?
Sounds like you may have a problem there...

Don
Baiting Guru


Joined: 25 May 2004
Posts: 3045
Location: Italy, 87.2.222.132


Posted: Mon Nov 19, 2007 5:31 pm

Pastor Frank wrote:
Thus reminding you that the damn thing is protecting you from someone stealing your wife and first born, and reminding you to renew your subscription when it expires.


And makes for some impressive figures, like mine letting me know that "12249 Intrusions have been blocked since install". Doesn't actually mean anything but looks impressive. Especially when you keep the pop up thingie enabled...makes you feel a proper internet ninja, clinging to the flag in a hacker thunderstorm...

flushmynutz
Master Baiter


Joined: 31 Oct 2007
Posts: 130


Posted: Mon Nov 19, 2007 5:42 pm

Had to go there to get my own "pat on the head"...

Quote:
YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.


and if that didn't make me cool enough...

Quote:
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.


I feel so validated now!

D11
Elite Baiter


Joined: 02 Jul 2006
Posts: 1702


Posted: Tue Nov 20, 2007 4:41 am

I like the IDS system I use, a lot of white noise isn't an attack, in your case (the original poster - I simply don't know but I'm referring to basic internet white noise)

Some p2p creates white noise, as for the people using p2p, their machine "reaches out" to other machines, those with p2p get a response, those without get a log

Virgin I'm sure has the Helkern virus on their system, every time I put my computer on their network I get at least 4 alerts a day, on every other ISP it's about 1 every 3 or 4 weeks!

ParaNoid
** REMEMBERED **


Joined: 12 Sep 2006
Posts: 5123
Location: Looking for Steward.


Posted: Tue Nov 20, 2007 5:00 am

Thanks Don, you're the ... well it already says it in your title line. I seem to already have my computer configured tightly.

Shields Up wrote:
Your system has achieved a perfect "TruStealth" rating. Not a single packet solicited or otherwise was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.


I never knew I was a ninja! I was pretty sure I didn't really "exist" though...

Damn the attackers...

Ghost
419Eater Admin


Joined: 26 Jun 2004
Posts: 5690
Location: In the cellar rattling chains


Posted: Tue Nov 20, 2007 5:40 am

How did I do this? I never did anything special other than install Norton Internet security.

Quote:
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.


and this

Quote:
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.


I know this sounds good but I have no idea what is going on. Don can you explain?

Edit: You know what Don never mind. You'll probably confuse me even more. I'll just be happy with what it told me

Don
Baiting Guru


Joined: 25 May 2004
Posts: 3045
Location: Italy, 87.2.222.132


Posted: Tue Nov 20, 2007 8:58 am

That's the spirit!

Doctor X
** ACCOUNT CLOSED **


Joined: 15 Apr 2007
Posts: 766


Posted: Tue Nov 20, 2007 11:58 am

Stoker Thompson wrote:
I'd recommend getting a Mac. . . .


Which pretty much is all that needs to be stated.







Right . . . I will just let myself out the back. . . .

--J.D.

P.S. Though Macs are vulnerable through ports too.
