Someone At Earthlink Trying To Hack Into My PC?

Forums » Up and Running » Security » Security » Someone At Earthlink Trying To Hack Into My PC?


Uniqs: 340	Share Topic:	RSS topic:	toggle: flat / full normal / watch	Posting:	Post a:	Post a:

Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal

How to turn off Data Execution Prevention in SP2 »
« HJT Log -serious problems after several scans

disorder
Useful Idiot
Premium
join:2003-04-16
Alexandria, VA
clubs:

Someone At Earthlink Trying To Hack Into My PC?

Moments ago I was surfing around the web and all of a sudden I get an alert that someone was trying to access my pc in other words trying to hack into it. Anyways I look through the logs and I found out that it was coming from Earthlink... could it be someone that was actually connected to the service or the actual building that someone was working in.

Anyways here is the log I saved...
I'm becoming very suspicious becuase I never got this ever, especially from a ISP.

OrgID: ERDS
CustName: EarthLink Network, Inc.
Street: 1375 PEACHTREE ST, LEVEL A
City: ATLANTA
StateProv: GA
Country: US
PostalCode: 30309
RegDate: 1999-11-17
Updated: 2002-10-10
OrgAbuseHandle: ABUSE60-ARIN
OrgAdminHandle: DAE4-ARIN
OrgTechHandle: ELNK-ORG-ARIN

NetHandle: NET-216-249-64-0-1
OrgID: ERDS
Parent: NET-216-0-0-0-0
NetName: EARTHLINK-NET3
NetRange: 216.249.64.0 - 216.249.111.255
NetType: allocation
RegDate: 1999-11-17
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Updated: 2003-03-26
NameServer: DNS1.EARTHLINK.NET
NameServer: DNS2.EARTHLINK.NET
TechHandle: DAE4-ARIN

TechHandle: DAE4-ARIN
TechName: Domain Administrator, Administrator
TechPhone: +1-404-815-0770
TechEmail: arinpoc@corp.earthlink.net

OrgAbuseHandle: ABUSE60-ARIN
OrgAbuseName: ABUSE TEAM
OrgAbusePhone: +1-404-815-0770
OrgAbuseEmail: abuse@abuse.earthlink.net

OrgTechHandle: ELNK-ORG-ARIN
OrgTechName: EarthLink, Inc.
OrgTechPhone: +1-404-815-0770
OrgTechEmail: arin_tech@lists.corp.earthlink.net

OrgAdminHandle: DAE4-ARIN
OrgAdminName: Domain Administrator, Administrator
OrgAdminPhone: +1-404-815-0770
OrgAdminEmail: arinpoc@corp.earthlink.net
--
“I will find the center in you, I will chew it up and leave. I will elevate you, just enough to bring you down.” —Maynard James Keenan

permalink · 2004-09-08 15:53:37 · Print ·

nevertheless Premium,VIP join:2002-03-08 Burlington, ON	Re: Someone At Earthlink Trying To Hack Into My PC What log?
	permalink · 2004-09-08 15:54:37 ·

disorder Useful Idiot Premium join:2003-04-16 Alexandria, VA clubs: 2 edits	oops, I posted the wrong one, anyways that info should be enough right?
	permalink · 2004-09-08 16:00:34 ·

nevertheless
Premium,VIP
join:2002-03-08
Burlington, ON

·Cogeco Cable

Re: Someone At Earthlink Trying To Hack Into My PC

said by disorder :
oops, I posted the wrong one, anyways that info should be enough right?

No. That's just the ARIN information for Earthlink, ie: how to contact that ISP on an administrative level.
--
Some people think I'm an idiot. I disagree, but idiocy is subjective--so they may well be right. With this in mind, take everything I post with a grain of salt, eh?

permalink · 2004-09-08 16:01:43 · Print ·

disorder Useful Idiot Premium join:2003-04-16 Alexandria, VA clubs: 1 edit	Re: Someone At Earthlink Trying To Hack Into My PC Ah... I see soo it should be someone using the actual service then. Where could I get the full log on my pc? I want to know the f*ck that was trying to do this...
	permalink · 2004-09-08 16:03:06 ·

nevertheless
Premium,VIP
join:2002-03-08
Burlington, ON

·Cogeco Cable

Re: Someone At Earthlink Trying To Hack Into My PC

said by disorder :
Ah... I see soo it should be someone using the actual service then. Where could I get the full log on my pc?

Most likely it's simply a user of theirs that's been scanning you, and your firewall has kindly looked up the administrative contact info for you.

said by disorder :
I want to know the f*ck that was trying to do this...

Earthlink won't tell you, that would violate their subscriber confidentiality agreement.

It doesn't really matter, odds are it's simply another worm, virus, or trojan doing it's automated scanning.

Go into your firewall again, find the log(s) that gets you timestamp, port information (both source and destination) and email that to their abuse contact listed in their ARIN information.
--
Some people think I'm an idiot. I disagree, but idiocy is subjective--so they may well be right. With this in mind, take everything I post with a grain of salt, eh?

permalink · 2004-09-08 16:05:53 · Print ·

Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA

Re: Someone At Earthlink Trying To Hack Into My PC

said by nevertheless :
Go into your firewall again, find the log(s) that gets you timestamp, port information (both source and destination) and email that to their abuse contact listed in their ARIN information.

No, please don't: users who don't know how to read firewall logs put an awful burden on abuse departments.

Much better is to use the myNetWatchman service, where your firewall logs are submitted to a central server, and summarized logs are sent to the ISPs. This makes it much easier on the ISP because they get everything in one deliverable.

It's free and easy.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

permalink · 2004-09-08 16:22:41 · Print ·

disorder Useful Idiot Premium join:2003-04-16 Alexandria, VA clubs: 1 edit	Re: Someone At Earthlink Trying To Hack Into My PC Thanks steve I will surely check it out.
	permalink · 2004-09-08 17:08:42 ·

nevertheless
Premium,VIP
join:2002-03-08
Burlington, ON

·Cogeco Cable

said by Steve :
Much better is to use the myNetWatchman service, where your firewall logs are submitted to a central server, and summarized logs are sent to the ISPs. This makes it much easier on the ISP because they get everything in one deliverable.

I wsa going to get to that, but I find it's easier to make them see how annoying and how much of a hassle it is to do this whole thing the first time.

--
Some people think I'm an idiot. I disagree, but idiocy is subjective--so they may well be right. With this in mind, take everything I post with a grain of salt, eh?

permalink · 2004-09-08 21:20:45 · Print ·

Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA

Re: Someone At Earthlink Trying To Hack Into My PC

said by nevertheless :
I was going to get to that, but I find it's easier to make them see how annoying and how much of a hassle it is to do this whole thing the first time.

So to make your point you sic him on a poor, defenseless abuse desk?

Maybe we should start sending stuff to you at abuse@cogeco.ca?

--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

permalink · 2004-09-08 21:33:38 · Print ·

nevertheless Premium,VIP join:2002-03-08 Burlington, ON ·Cogeco Cable	Re: Someone At Earthlink Trying To Hack Into My PC said by Steve : Maybe we should start sending stuff to you at abuse@cogeco.ca? Many of the people in this forum already do--via Mynetwatchman! -- Some people think I'm an idiot. I disagree, but idiocy is subjective--so they may well be right. With this in mind, take everything I post with a grain of salt, eh?
	permalink · 2004-09-08 21:34:39 · Print ·

AzN_dude @net.au	burn his ass
	permalink · 2004-09-14 03:27:51 ·

your comment..

Forums » Up and Running » Security » Security	How to turn off Data Execution Prevention in SP2 » « HJT Log -serious problems after several scans


Thursday, 26-Nov 00:35:08	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF