
Anyone care to ID these IP's?


otheos
06-26-2001, 03:13 PM
All these tried to gain access to my server in the past 24 hours.

Ever since I have been hacked I'm being a bit hysterical about it.

I already nslookup'd them, I just want to see if you can dig (no pun intended) them any further.

24.50.230.97
142.166.205.243
65.80.14.71
24.22.84.49
24.163.10.178
24.164.105.90

Thanks

nodnerb2
06-26-2001, 03:21 PM
Go to this site and look them up
http://www.arin.net/whois

Nodnerb

otheos
06-26-2001, 03:28 PM
great site

thanks

They look like DNS requests more than anything else.. What do you think?

Paranoid? Me??

----black helicopters flying over the city.....

nodnerb2
06-26-2001, 03:33 PM
Hi again,
I looked at the first couple and would tend to agree with you they look pretty harmless. What Firewall do you use? How did you get hacked? I'm in the UK as well

Nodnerb

booya
06-26-2001, 03:34 PM
I can't give you the guy's address but I can give you the ISP provider of each IP.

24.30.230.97=ADELPHIA.NET, Administrative Contact, Billing Contact:
Scott, Joelle (JSE388) joelle@ADELPHIA.NET
Adelphia Business Solutions
712 North Main Street
Coudersport, PA 16915
888-512-5111 (FAX) 814-274-7370
Technical Contact:
Hostmaster, Adelphia (HA143-ORG) hostmaster@ADELPHIA.NET
Adelphia Communications Corp.
Main at Water Street
Coudersport, PA 16915

142.166.205.243=NBTEL.NET (lol, New Brunswick) Administrative Contact, Billing Contact:
CONVENTION, ADDRESSING (AC5858) addconv@NBNET.NB.CA
NBTel Inc.
Corporate Communications (BSL)
One Brunswick Square
Saint John, NB E2L 4K2
CA
506-658-7828 (FAX) 506-658-7163
Technical Contact:
NBTel Domain Name Registrar (NDN2-ORG) intellis@NBTEL.NB.CA
NBTel
One Brunswick Square
Saint John, NB E2L4K2
CA
1-888-544-4200 Fax- 1-506-859-3091

65.80.14.71=(MIAMI) BELLSOUTH.NET, Administrative Contact, Billing Contact:
Admin, Domain (AD11661-OR) hostmaster@BELLSOUTH.NET
Bellsouth.net
1100 Ashwood Parkway
Atlanta, GA 30338
USA
(770) 522-4000
Fax- (770) 522-6050
Technical Contact:
Hostmaster (HOS260-ORG) hostmaster@BELLSOUTH.NET
BellSouth.net 1100 Ashwood Parkway
Suite 200
Atlanta, GA 30338
US
(770) 522-6300
Fax- (770) 522-4002

24.22.84.49=(Florida, MIAMI) HOME.com, Technical Contact:
DNS Administration (DA24627-OR) abuse@HOME.COM
@Home Network
425 Broadway St
Redwood City , CA 94063
US
650-556-5399
Fax- 650-556-6666
Billing Contact:
Du, Trung (TD2157) trung@CORP.HOME.NET
@Home Network
425 Broadway Street
Redwood City, CA 94063-3126
650-569-5437 (FAX) 650-569-5100

24.163.10.178=High Point, NC, US (RR.COM) Administrative Contact, Technical Contact, Billing Contact:
Network Operations Center, Road Runner (NO789-ORG) abuse@RR.COM
Road Runner
Northridge II
13241 Woodland Park Road
Herndon, VA 22071
US
(703) 345-3416
Fax- - (703) 345-2517

24.164.105.90=Columbus, OH, US, RR.COM, Administrative Contact, Technical Contact, Billing Contact:
Network Operations Center, Road Runner (NO789-ORG) abuse@RR.COM
Road Runner
Northridge II
13241 Woodland Park Road
Herndon, VA 22071
US
(703) 345-3416
Fax- - (703) 345-2517

I really dunno if this can help, but it's all I can do in 5 minutes.

otheos
06-26-2001, 03:47 PM
Woaaa
thanks a lot!!

I think we can all agree they are just DNS replies.

I have a RH6.2 box routing internet to my home PCs (total of 6). I run ipchains for firewalling and squid for proxying. It seems at the moment it denies more stuff than it should :), but I don't see why DNS sends TCP-specific SYN (i.e. connection) packets.

I was hacked on a Saturday night during the US-China airplane crisis by some Chinese people. No harm done, they just popped in, sent an email with the contents of my ifconfig and passwd (the IP details and the encrypted user passwords files) to some email address in China, and I only found out because I monitor all emails leaving the server. Luckily since the server is set up for internal mail only, they never got it, but just the idea they got root access on my box makes me feel bad.

They were able to get access as my firewall was down that day to allow Norton Antivirus to be updated (couldn't be bothered to check specific IPs so just shut the firewall down - bad idea) and by coincidence my TCP wrappers were not set up!!

Take care
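The distinction otheos is puzzling over (a DNS reply versus a TCP SYN arriving at port 53) can be checked mechanically. The following triage script is an added example, not code from the thread: it parses ipchains 2.x "Packet log:" lines (the field layout is assumed from that kernel's format, and the three sample lines are constructed, reusing source addresses from the thread) and labels each one as a probable UDP reply, an inbound TCP connection attempt to port 53, or a connection attempt to some other service.

```python
import re

# Constructed ipchains-style log lines for this example. Source addresses are the
# ones posted in the thread; everything else (ports, ids, TTLs) is made up.
SAMPLE_LOG = """\
Jun 26 14:02:11 gw kernel: Packet log: input DENY eth0 PROTO=17 24.50.230.97:53 10.0.0.1:1027 L=120 S=0x00 I=812 F=0x0000 T=49 (#5)
Jun 26 14:05:40 gw kernel: Packet log: input DENY eth0 PROTO=6 65.80.14.71:2034 10.0.0.1:53 L=60 S=0x00 I=31744 F=0x4000 T=52 SYN (#5)
Jun 26 14:09:02 gw kernel: Packet log: input DENY eth0 PROTO=6 24.22.84.49:3456 10.0.0.1:111 L=60 S=0x00 I=1234 F=0x4000 T=110 SYN (#5)
"""

# Assumed ipchains layout: chain target iface PROTO=n src:sport dst:dport L= S= I= F= T= [SYN] (#rule)
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) .*?T=\d+(?P<syn> SYN)?"
)


def classify(line):
    """Return a dict describing one log line, or None if it is not an ipchains packet log."""
    m = LINE_RE.search(line)
    if not m:
        return None
    proto = int(m["proto"])
    sport, dport = int(m["sport"]), int(m["dport"])
    syn = m["syn"] is not None
    if proto == 17 and sport == 53:
        # UDP from source port 53: the shape of an answer to a query the resolver sent out.
        verdict = "udp-dns-reply"
    elif proto == 6 and dport == 53 and syn:
        # A TCP SYN is the start of a new connection; a resolver's reply never looks like this.
        verdict = "tcp-dns-connect"
    elif proto == 6 and syn:
        # Unsolicited connection attempt to some other local service.
        verdict = "tcp-connect"
    else:
        verdict = "other"
    return {"src": m["src"], "proto": proto, "dport": dport, "syn": syn, "verdict": verdict}


def triage(log):
    """Classify every packet-log line in a log excerpt, skipping unrelated lines."""
    return [c for c in (classify(l) for l in log.splitlines()) if c]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f'{entry["src"]:>16} -> port {entry["dport"]:<5} {entry["verdict"]}')
```

Only the first sample line has the shape of a reply; a SYN counts as a connection attempt regardless of whether the destination port is 53.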

MadMatt
06-26-2001, 04:20 PM
24.50.230.97 (oh-northolmstead3a.97.clvhoh.adelphia.net) - Adelphia North Olmstead, OH (outside Cleveland)
142.166.205.243 (ip142166205243.nbtel.net) - NBTel New Brunswick, Canada
65.80.14.71 (adsl-80-14-71.mia.bellsouth.net) - Bellsouth DSL Miami, FL
24.22.84.49 (cc19297-a.taylor1.mi.home.com) - @Home Miami, FL (The trace on this one went all over)
24.163.10.178 (gso163-10-178.triad.rr.com) - Roadrunner Washington, DC
24.164.105.90 (net24-164-105-090.neo.rr.com) - Roadrunner Cleveland, OH

The only thing that concerns me a little is that at least 4/6 are broadband. That seems like too much of a coincidence for 'innocent' traffic. Just my .02c...


Darknyt
06-26-2001, 04:41 PM
This goes to Booya...I am impressed with your info finding skills. What site can I go to or software can I buy to get a more accurate reading of who is bouncing off my firewall????

otheos
06-26-2001, 04:42 PM
Thanks a lot!!

Now you're right, too much of a coincidence.

(here come the helicopters again).

What do you reckon??

Timbob505
06-26-2001, 05:02 PM
Hey guys, that info can be found at http://www.visualware.com/visualroute/index.html. It's a pretty neat site... you can see where you are, too! More info than I thought one could easily get on the web by just an IP. Happy Hunting! Just try the live demo.

Timbob


msbrown2
06-26-2001, 05:38 PM
Check out GRC.com if you haven't already. The guy is a security freak. Some really good reading on his dealings with DDoS attacks by pre-teen hackers.

MiKe85
06-26-2001, 09:45 PM
booya:

5 minutes!! That is still a lot of information..Good job.

booya
06-27-2001, 02:27 AM
Hey Darknyt, follow Timbob505's web page and you won't be sorry, that's what I use. If the page is down there are many more servers for Visual Route.

booya
06-27-2001, 02:30 AM
Oops, sorry for the 2 replies :)

Don't make me shy, that info was so easy to find.

Really, anyone could do it with the Visual Route web page; it's a very nice tool.

Of course I have other tools, but this one is the funniest with the map and everything.

randy48
06-27-2001, 06:46 AM
A great little program that does all that and more is Sam Spade, free download at:
http://www.samspade.org

Ivory
06-29-2001, 05:47 PM
http://www.pc-help.org/trace.htm

Also another great tracer program.

MadMatt
06-29-2001, 10:37 PM
Don't forget NeoTrace: http://www.neotrace.com/