Security Incidents mailing list archives
Fwd: [Fw: Ive been broken into ]
From: jeff_watson () USA NET (JEFF WATSON)
Date: Wed, 5 Jul 2000 15:35:58 CDT
Guys,

When looking at the time stamps of all the log entries, does it appear or verify that I have been used or owned ??

Thanks in Advance,
Jeff

attached mail follows:

----- Original Message -----
From: "Technical Support" <gb-support () gta com>
To: "vista33" <vista33 () email msn com>
Sent: Saturday, July 01, 2000 5:14 PM
Subject: Re: Ive been broken into

Hello Mr. Watson,

You will need to supply your GNAT Box serial number and version along with your software configuration in order for us to be able to assist you. However, this looks like one of your internal hosts is trying to connect outbound to three different computers on port 137, which is used for NetBIOS. You may wish to check why the computer is trying to make these outbound connections.

Technical Support

At 01:25 PM 7/1/00 -0500, you wrote:

Please give

Hello

I think that I have been broken into and USED and ABUSED

Please look at these log snippets. I humbly ask for your opinions..and what I should do about ---- Small Office Network

Please give me your feedback and suggestions.

Suggestions,
Jeff Watson

" I configed the FW as per icsa.net's lab procedures.

-----------look at the precise log times---
-----------strange 61900------------------firewall log-snips-----
16 5 Jun 19 18:27:26 NAT: Open UDP [192.168.1.10/137]->[208.236.23.69/808]->[205.160.199.2/137].
16 5 Jun 19 18:27:27 NAT: Close UDP [192.168.1.10/137]->[208.236.23.69/808]->[205.160.199.2/137] Pkts 1 0, Bytes 78 0.
16 5 Jun 19 18:27:28 NAT: Open UDP [192.168.1.10/137]->[208.236.23.69/807]->[205.160.199.2/137].
-------------------------------------------
5 Jun 19 18:11:24 NAT: Open UDP [192.168.1.10/137]->[208.236.23.69/1023]->[206.69.91.116/137].
16 5 Jun 19 18:11:25 NAT: Close UDP [192.168.1.10/137]->[208.236.23.69/1023]->[206.69.91.116/137] Pkts 1 0, Bytes 78 0.
16 5 Jun 19 18:11:26 NAT: Open UDP [192.168.1.10/137]->[208.236.23.69/1022]->[206.69.91.116/137].
16 5 Jun 19 18:11:27 NAT: Close UDP [192.168.1.10/137]->[208.236.23.69/1022]->[206.69.91.116/137] Pkts 1 0, Bytes 78 0.
----------------------------------Zone alarm log snips
PE,2000/06/19,17:17:12 -6:00 GMT,Microsoft Synchronization Manager,127.0.0.1:1848,N/A
FWIN,2000/06/19,18:10:12 -6:00 GMT,206.69.91.116:0,192.168.1.10:0,ICMP
FWIN,2000/06/19,18:10:32 -6:00 GMT,206.69.91.100:137,192.168.1.10:137,UDP
--------------------------

Humbly,
JW

Technical Support
Global Technology Associates, Inc.
3505 Lake Lynda Drive
Suite 109
Orlando, Florida 32817 USA
Email: gb-support () gta com
Telephone: Tel: +1.407.380.0220
Web: http://www.gta.com
http://www.gnatbox.com
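
Added example, not part of the original messages and not GTA's code: a short Python pass over the NAT lines quoted above that totals, per outside address, the outbound UDP port 137 sessions the support reply points to. Reading the two "Pkts" figures as packets sent and packets received is an assumption about the GNAT Box log format, and the function names are illustrative.

```python
import re
from collections import defaultdict

# NAT lines copied verbatim from the firewall log in the post above.
NAT_LOG = """\
16 5 Jun 19 18:27:26 NAT: Open UDP [192.168.1.10/137]->[208.236.23.69/808]->[205.160.199.2/137].
16 5 Jun 19 18:27:27 NAT: Close UDP [192.168.1.10/137]->[208.236.23.69/808]->[205.160.199.2/137] Pkts 1 0, Bytes 78 0.
16 5 Jun 19 18:27:28 NAT: Open UDP [192.168.1.10/137]->[208.236.23.69/807]->[205.160.199.2/137].
5 Jun 19 18:11:24 NAT: Open UDP [192.168.1.10/137]->[208.236.23.69/1023]->[206.69.91.116/137].
16 5 Jun 19 18:11:25 NAT: Close UDP [192.168.1.10/137]->[208.236.23.69/1023]->[206.69.91.116/137] Pkts 1 0, Bytes 78 0.
16 5 Jun 19 18:11:26 NAT: Open UDP [192.168.1.10/137]->[208.236.23.69/1022]->[206.69.91.116/137].
16 5 Jun 19 18:11:27 NAT: Close UDP [192.168.1.10/137]->[208.236.23.69/1022]->[206.69.91.116/137] Pkts 1 0, Bytes 78 0.
"""

# Layout: [inside/port]->[NAT address/port]->[outside/port]; counters appear only on Close.
NAT_RE = re.compile(
    r"NAT: (?P<event>Open|Close) (?P<proto>\w+) "
    r"\[(?P<src>[\d.]+)/\d+\]->\[[\d.]+/\d+\]->\[(?P<dst>[\d.]+)/(?P<dport>\d+)\]"
    r"(?: Pkts (?P<sent>\d+) (?P<rcvd>\d+), Bytes \d+ \d+)?"
)

def summarize(log_text):
    """Total sessions and packets per (inside host, protocol, outside host, port)."""
    flows = defaultdict(lambda: {"opens": 0, "closes": 0, "sent": 0, "replies": 0})
    for line in log_text.splitlines():
        m = NAT_RE.search(line)
        if not m:
            continue  # not a NAT session line
        flow = flows[(m["src"], m["proto"], m["dst"], int(m["dport"]))]
        if m["event"] == "Open":
            flow["opens"] += 1
        else:
            flow["closes"] += 1
            # Assumption: "Pkts a b" means packets sent / packets received.
            flow["sent"] += int(m["sent"] or 0)
            flow["replies"] += int(m["rcvd"] or 0)
    return dict(flows)

def netbios_outbound(flows):
    """Keep only flows whose outside port is UDP 137 (NetBIOS name service)."""
    return {k: v for k, v in flows.items() if k[1] == "UDP" and k[3] == 137}

if __name__ == "__main__":
    for (src, proto, dst, port), f in sorted(netbios_outbound(summarize(NAT_LOG)).items()):
        print(f"{src} -> {dst}:{port}/{proto} opens={f['opens']} "
              f"closes={f['closes']} sent={f['sent']} replies={f['replies']}")
```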