
Can someone trace this for me?


Picked up these IPs when I put ZoneAlarm in... need you people to trace because Neotrace doesn't work on win2k (at least for me). Also, where do the Neotrace error logs go?

FWIN,2002/07/21,20:04:18 -5:00 GMT,12.250.74.202:1863,192.168.1.100:80,TCP (flags:S)
FWIN,2002/07/21,20:05:00 -5:00 GMT,12.250.75.137:1672,192.168.1.100:80,TCP (flags:S)
FWIN,2002/07/21,20:18:58 -5:00 GMT,12.250.168.210:2495,192.168.1.100:80,TCP (flags:S)
FWIN,2002/07/21,20:29:30 -5:00 GMT,12.250.75.137:4110,192.168.1.100:80,TCP (flags:S)
FWIN,2002/07/21,20:47:22 -5:00 GMT,12.250.255.144:4067,192.168.1.100:80,TCP (flags:S)
FWIN,2002/07/21,20:54:56 -5:00 GMT,12.250.74.202:4742,192.168.1.100:80,TCP (flags:S)
FWIN,2002/07/21,20:55:58 -5:00 GMT,12.250.178.49:4406,192.168.1.100:80,TCP (flags:S)
FWIN,2002/07/21,21:04:32 -5:00 GMT,12.250.75.137:2595,192.168.1.100:80,TCP (flags:S)
PE,2002/07/21,21:27:18 -5:00 GMT,Opera Internet Browser (win32),147.208.130.199:80,N/A
PE,2002/07/21,21:28:14 -5:00 GMT,AOL Instant Messenger (SM),64.12.161.153:5190,N/A
FWIN,2002/07/21,21:36:46 -5:00 GMT,12.250.75.137:1148,192.168.1.100:80,TCP (flags:S)
FWIN,2002/07/21,21:38:58 -5:00 GMT,12.250.74.202:3080,192.168.1.100:80,TCP (flags:S)
FWIN,2002/07/21,21:39:28 -5:00 GMT,12.250.255.144:2125,192.168.1.100:80,TCP (flags:S)
PE,2002/07/21,21:45:06 -5:00 GMT,Services and Controller app,63.240.76.4:53,N/A
ACCESS,2002/07/21,21:46:34 -5:00 GMT,,N/A,N/A
ACCESS,2002/07/21,21:46:34 -5:00 GMT,Services and Controller app was temporarily blocked from connecting to the Internet (63.240.76.4:DNS).,N/A,N/A
ACCESS,2002/07/21,21:46:34 -5:00 GMT,Services and Controller app was temporarily blocked from connecting to the Internet (204.127.198.4:DNS).,N/A,N/A
FWIN,2002/07/21,21:47:20 -5:00 GMT,205.188.7.138:5190,192.168.1.100:1362,TCP (flags:S)
PE,2002/07/21,22:20:50 -5:00 GMT,Services and Controller app,63.240.76.4:53,N/A
FWIN,2002/07/21,22:21:18 -5:00 GMT,205.188.7.137:5190,192.168.1.100:1597,TCP (flags:S)
FWIN,2002/07/21,22:21:20 -5:00 GMT,12.250.75.137:2040,192.168.1.100:80,TCP (flags:S)
FWIN,2002/07/21,22:21:40 -5:00 GMT,205.188.7.137:5190,192.168.1.100:1597,TCP (flags:S)
FWOUT,2002/07/21,22:22:02 -5:00 GMT,192.168.1.100:1603,64.12.28.21:5190,TCP (flags:S)
PE,2002/07/21,22:24:26 -5:00 GMT,Internet Explorer,127.0.0.1:1988,N/A
PE,2002/07/21,22:28:02 -5:00 GMT,Services and Controller app,0.0.0.0:1027,N/A
PE,2002/07/21,22:28:02 -5:00 GMT,Generic Host Process for Win32 Services,0.0.0.0:135,N/A
FWIN,2002/07/21,22:33:28 -5:00 GMT,12.250.178.49:1473,192.168.1.100:80,TCP (flags:S)
 
Uh yeah, use tracert. I wouldn't worry about it though, those are mostly going to port 80. Probably some random people checking for sites, or trying to distro viruses.

Armani
 
ok, get to a command prompt.

start --> run...

type cmd

in command prompt window type:

TRACERT <IP>

🙂
 
Taking a quick look at those logs, I can tell that foreign computers STILL infected with NIMDA or Code Red are querying port 80 (HTTP) and trying to infect you in turn.

Nothing you can really do about that except possibly be a good Samaritan and e-mail the providers of each IP address to alert them of the infected machines. Also, if you're running a web server make sure you're all patched up.
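
As an added example (not part of any post in this thread), the Python sketch below counts the inbound `FWIN` entries aimed at port 80 per source address, so the repeat sources stand out before anyone looks up who owns them. The field layout (type, date, time, source, destination, transport) is an assumption inferred from the log lines in the first post, and the sample input is a handful of those lines copied inline.

```python
import csv
from collections import Counter
from io import StringIO

# A few lines copied from the ZoneAlarm log in the first post.
SAMPLE_LOG = """\
FWIN,2002/07/21,20:04:18 -5:00 GMT,12.250.74.202:1863,192.168.1.100:80,TCP (flags:S)
FWIN,2002/07/21,20:05:00 -5:00 GMT,12.250.75.137:1672,192.168.1.100:80,TCP (flags:S)
FWIN,2002/07/21,20:29:30 -5:00 GMT,12.250.75.137:4110,192.168.1.100:80,TCP (flags:S)
PE,2002/07/21,21:28:14 -5:00 GMT,AOL Instant Messenger (SM),64.12.161.153:5190,N/A
ACCESS,2002/07/21,21:46:34 -5:00 GMT,,N/A,N/A
FWIN,2002/07/21,21:47:20 -5:00 GMT,205.188.7.138:5190,192.168.1.100:1362,TCP (flags:S)
FWOUT,2002/07/21,22:22:02 -5:00 GMT,192.168.1.100:1603,64.12.28.21:5190,TCP (flags:S)
"""


def split_endpoint(endpoint):
    """Split 'ip:port' into (ip, port); return None if it is not in that form."""
    ip, sep, port = endpoint.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return ip, int(port)


def inbound_by_source(log_text, dst_port=80):
    """Count inbound (FWIN) TCP SYN entries to dst_port, keyed by source IP."""
    counts = Counter()
    for row in csv.reader(StringIO(log_text)):
        # Assumed FWIN layout: type, date, time, source, destination, transport
        if len(row) < 6 or row[0] != "FWIN":
            continue
        src, dst = split_endpoint(row[3]), split_endpoint(row[4])
        if src is None or dst is None:
            continue  # e.g. "N/A" in an endpoint column
        if dst[1] == dst_port and "flags:S" in row[5]:
            counts[src[0]] += 1
    return counts


if __name__ == "__main__":
    # Print sources with the most port-80 connection attempts first.
    for ip, hits in inbound_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}\t{hits}")
```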
 