Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 08-06-2004, 10:48 AM   #1
Beta Member
 
Join Date: Aug 2004
Posts: 4
Default Getting Hacked

Can somebody help me please.
I have sygate personal firewall and since last week I keep getting port scanned by this one user hundreds of times his IP is 82.36.113.183 and he scans these ports all the time:
5554, 1433, 3410, 139 , 6129 5001, 5002, 5003, 5004 5005 445, 6129, 139, 3410 and 5554
can anyone help me as to what is going on and how to stop it.
THANKS
__________________

fcuk_jg is offline   Reply With Quote
Old 08-06-2004, 12:13 PM   #2
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,007
Default Re: Getting Hacked

the person is a blue yonder cable customer.
their specific node is
82-36-113-183.cable.ubr03.king.blueyonder.co.uk.

the ports are (according to) http://www.iana.org/assignments/port-numbers
sgi-esphttp 5554/tcp SGI ESP HTTP
ms-sql-s 1433/tcp Microsoft-SQL-Server
netbios-ssn 139/udp NETBIOS Session Service
# 6124-6140 Unassigned
commplex-link 5001/udp
rfe 5002/tcp radio free ethernet
rfe 5002/udp radio free ethernet
fmpro-internal 5003/tcp FileMaker, Inc. - Proprietary transport
fmpro-internal 5003/udp FileMaker, Inc. - Proprietary name binding
# Clay Maeckel <clay_maeckel@filemaker.com>
avt-profile-1 5004/tcp avt-profile-1
avt-profile-1 5004/udp avt-profile-1
avt-profile-2 5005/tcp avt-profile-2
microsoft-ds 445/tcp Microsoft-DS
microsoft-ds 445/udp Microsoft-DS
# 6124-6140 Unassigned

networklenss 3410/tcp NetworkLens SSL Event
networklenss 3410/udp NetworkLens SSL Event

For the SQL (1433) if it was only on this port I'd say it was the SQL slammer (or variant) worm,
the guy is looking to port 139 to try to find the name of your machine, simply the amount of services he/she/it is looking for, (even to the extent they are looking for services that don't have properly assigned ports) tells me that this is (most likely definitly) a hacker.

Your only course of action would be to report this to blue yonder...

Don't hope for too much luck though, I once reported a guy running hacking scripts against the webserver at the company I work for to BT (nslookup showed the address belonged to a BT customer) they simply emailed me back to say port scanning and running illicit scripts against a server isn't illegal, and there was nothing they could do, unless we could proove that one of their customers had actually hack our machines gained entry and either stole erased or oftherwise chaged data...
-from the UKs largest ISP I found that a shocking response.
__________________

root is offline   Reply With Quote
Old 08-06-2004, 01:22 PM   #3
Golden Master
 
135791's Avatar
 
Join Date: May 2004
Location: No
Posts: 5,427
Send a message via MSN to 135791
Default Re: Getting Hacked

thts stupid so wot you wait till they do hack you and trash your comp before they will do soming about it

keep back ups of your stuff just incase some one does get through
135791 is offline   Reply With Quote
Old 08-07-2004, 06:48 AM   #4
Beta Member
 
Join Date: Aug 2004
Posts: 4
Default

I found a worm on my computer called winsyst (something to do with a program called win spy) and I have deleted that
so far I havnt been scanned could that of been what was causing the port scanning.
fcuk_jg is offline   Reply With Quote
Old 08-07-2004, 08:41 AM   #5
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,007
Default Re: Getting Hacked

Yes, that basically what they said, I guess they were right though... attempted entry is not a crime, It'd be like getting arrested for knocking on a door to find out who's home.
Loads of backups are kept, but it's not really the point, what if a business didn't know they had been hacked? People could be backing up backup after backup of a hacked computer
root is offline   Reply With Quote
Old 08-08-2004, 05:09 PM   #6
Golden Master
 
135791's Avatar
 
Join Date: May 2004
Location: No
Posts: 5,427
Send a message via MSN to 135791
Default Re: Getting Hacked

yes but still knocking on a door is different to attempting to enter some one elses computer
it would be more like attempting to knock down the door breaking in is tht illegal...
135791 is offline   Reply With Quote
Old 08-15-2004, 03:42 AM   #7
The Candyman
 
~mr mixx~'s Avatar
 
Join Date: Jun 2004
Location: USA
Posts: 11,312
Default Re: Getting Hacked

Root.....couldn't he just block those ports?...
or does he need them open for the service he's getting?
__________________
" Let the music move you "
~mr mixx~ is offline   Reply With Quote
Old 08-15-2004, 06:04 AM   #8
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,007
Default Re: Getting Hacked

I don't know what services he is running, but it's quite safeto assume you can block all service ports unless you are actually running a service.
I expect that he's already got the ports blocked (because the firewall is reporting attempted conections rather than allowing connections.)

If you want to find out how good our firewall is, and what ports etc are open you should go to www.grc.com and take the shields up test.
root is offline   Reply With Quote
Old 08-15-2004, 11:26 PM   #9
The Candyman
 
~mr mixx~'s Avatar
 
Join Date: Jun 2004
Location: USA
Posts: 11,312
Default Re: Getting Hacked

good point root...
__________________
" Let the music move you "
~mr mixx~ is offline   Reply With Quote
Old 08-31-2004, 03:03 PM   #10
Golden Master
 
135791's Avatar
 
Join Date: May 2004
Location: No
Posts: 5,427
Send a message via MSN to 135791
Default Re: Getting Hacked

http://img.photobucket.com/albums/v3...114620/gfd.jpg

ok traced him so how do i take lagal matters
he has atempted 18 times to get in
__________________

135791 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 10:56 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0