http://www.dslreports.com/forum/r20929896 en Tue, 08 Dec 2009 18:11:15 EDT Tue, 08 Dec 2009 18:11:15 EDT http://www.dslreports.com/forum/remark,20929896 koma3504 : It is a good thing i always have a command prompt up and running with netstat 3

I caught trillian connecting to these 2 ip addresses
113.86.159.72 and here 114.86.159.72 on 20 of 26 accounts that I have sighned in.

The odd thing is I cannot do a traceroute past
dist1-vlan130.rcsntx.sbcglobal.net
I suppose it could be a aprt of the ATT scans i have been getting again
Date: 08/10 05:39:03 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 76.202.10.126:n/a -> 76.203.228.132:n/a
References: 1

Date: 08/10 08:08:45 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 76.202.10.126:n/a -> 76.203.228.132:n/a
References: 1

Date: 08/10 10:36:13 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 76.202.10.126:n/a -> 76.203.228.132:n/a
Date: 08/10 13:05:50 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 76.202.10.126:n/a -> 76.203.228.132:n/a
References: 1

Date: 08/10 14:23:28 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 76.200.216.27:n/a -> 76.203.228.132:n/a



05:18:58 ppp0 » - TCP 144.160.130.16 30554 76.203.228.132 50001

15:06:31 ppp0 » - UDP 99.13.99.73 137(NETBIOS-NS) 99.13.99.71 137(NETBIOS-NS)
15:06:32 ppp0 » - UDP 99.13.99.73 137(NETBIOS-NS) 99.13.99.71 137(NETBIOS-NS)
15:06:34 ppp0 » - UDP 99.13.99.73 137(NETBIOS-NS) 99.13.99.71 137(NETBIOS-NS)
15:06:37 ppp0 » - UDP 99.13.99.73 137(NETBIOS-NS) 99.13.99.71 137(NETBIOS-NS)
15:06:38 ppp0 » - UDP 99.13.99.73 137(NETBIOS-NS) 99.13.99.71
lookup block 99.13.99.71 137(NETBIOS-NS)
15:06:40 ppp0 » - UDP 99.13.99.73 137(NETBIOS-NS) 99.13.99.71
lookup block 99.13.99.71 137(NETBIOS-NS)
15:06:41 ppp0 » - TCP 99.13.99.73 1389 99.13.99.71
lookup block 99.13.99.71 80(WWW-HTTP)
15:07:02 ppp0 » - UDP 99.13.99.73 1133 99.13.99.71 161(SNMP)
15:07:04 ppp0 » - UDP 99.13.99.73 1133 99.13.99.71 161(SNMP)
15:07:19 ppp0 » - TCP 99.13.99.73 5000 99.13.99.71 80(WWW-HTTP)
15:07:21 ppp0 » - TCP 99.13.99.73 5000 99.13.99.71 80(WWW-HTTP)
15:07:23 ppp0 » - TCP 99.13.99.73 5000 99.13.99.71 8080
15:07:26 ppp0 » - TCP 99.13.99.73 5000 99.13.99.71 8080
15:07:37 ppp0 » - UDP 99.13.99.73 5000 99.13.99.71 137(NETBIOS-NS)
15:07:37 ppp0 » - UDP 99.13.99.73 5000 99.13.99.71 138(NETBIOS-DGM)
15:07:37 ppp0 » - UDP 99.13.99.73 5000 99.13.99.71 10421
15:07:37 ppp0 » - UDP 99.13.99.73 5000 99.13.99.71
lookup block 99.13.99.71 10426

after being attacked by 99.13.99.73
I had some iedw errors and all ie windows closed out/froze
And i had lost the DHCP ip address that my smoothwall box has been giving out to my router for as long as i can rember since the last install.
And FYI: I am already using Opendns dns numbers hardcoded in smoothwall. As well as just applied the latest patch which include

This update corrects several minor problems with SmoothWall Express 3.0 and a number of theoretical vulnerabilities

dnsmasq upgraded to 2.45, to correct a theoretical DNS cache poisoning issue.
openssl: 0.9.8h
openssh: 5.1p1
squid: 2.6.STABLE21
apache: 1.3.41
mod_ssl: 2.8.31
miniupnpd: 20080710
dhcp: 3.0.7.
Clam AV: 0.93.3
Fix for the IMSpector log viewer under Firefox 3.
Fix for installing updates via the old "push" method.

when there is some Att hops after that node

4 13 ms * 12 ms dist1-vlan130.rcsntx.sbcglobal.net [151.164.162.130]

5 14 ms 15 ms 11 ms 151.164.93.188
6 14 ms 12 ms 15 ms ex1-p12-0.eqdltx.sbcglobal.net [151.164.40.29]
7 21 ms 13 ms 13 ms asn10310-10-yahoo.eqdltx.sbcglobal.net [151.164.250.
10]
--
† Koma †
If YOu Don't Think It's Possable!! It's Acually A Reality!!The best way to predict the future is to invent it. Alan Kay!!
Ya Don't Know The signal Till Ya Ride It!!
Voice Break's There's Trouble!!!!]]> http://www.dslreports.com/forum/remark,20929896 Sun, 10 Aug 2008 17:55:00 EDT