Hacker Attack?

PowerYoga

Diamond Member
Nov 6, 2001
In the past minute this IP address scanned my computer over 200 times...

216.17.89.86

and my firewall said it blocked the port scan.

Here's some of the text:

FWIN,2002/03/09,00:36:56 -6:00 GMT,12.230.74.36:18373,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:37:56 -6:00 GMT,12.230.74.36:18434,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:38:34 -6:00 GMT,151.30.197.201:3484,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:41:34 -6:00 GMT,158.152.155.250:3054,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:42:51 -6:00 GMT,12.252.125.19:19411,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:42:56 -6:00 GMT,12.230.74.36:18712,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:43:17 -6:00 GMT,12.230.74.36:18740,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:47:56 -6:00 GMT,12.230.74.36:19009,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:48:37 -6:00 GMT,12.230.74.36:19042,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:50:01 -6:00 GMT,158.152.155.250:3197,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:50:21 -6:00 GMT,12.252.125.19:19649,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:51:31 -6:00 GMT,151.30.197.201:3568,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:52:05 -6:00 GMT,24.141.171.185:1035,216.17.89.86:137,UDP
FWIN,2002/03/09,00:52:56 -6:00 GMT,12.230.74.36:19301,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:53:56 -6:00 GMT,12.230.74.36:19356,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:57:53 -6:00 GMT,12.252.125.19:20007,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:57:56 -6:00 GMT,12.230.74.36:19595,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:58:15 -6:00 GMT,151.30.197.201:3603,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:58:47 -6:00 GMT,158.152.155.250:3361,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:59:20 -6:00 GMT,12.230.74.36:19667,216.17.89.86:1214,TCP (flags:S)
FWOUT,2002/03/09,01:00:59 -6:00 GMT,216.17.89.86:2207,216.17.3.121:53,UDP
FWIN,2002/03/09,01:02:56 -6:00 GMT,12.230.74.36:19880,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:04:44 -6:00 GMT,12.230.74.36:19967,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:05:05 -6:00 GMT,151.30.197.201:3645,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:05:25 -6:00 GMT,12.252.125.19:20322,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:07:29 -6:00 GMT,158.152.155.250:3627,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:07:56 -6:00 GMT,12.230.74.36:20157,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:10:04 -6:00 GMT,12.230.74.36:20269,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:10:44 -6:00 GMT,210.23.235.202:1901,216.17.89.86:21,TCP (flags:S)
FWIN,2002/03/09,01:12:56 -6:00 GMT,12.252.125.19:20450,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:12:56 -6:00 GMT,12.230.74.36:20430,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:14:44 -6:00 GMT,151.30.197.201:3691,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:15:10 -6:00 GMT,12.230.74.36:20537,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:15:38 -6:00 GMT,12.230.74.36:20560,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:15:56 -6:00 GMT,158.152.155.250:3840,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:20:26 -6:00 GMT,12.252.125.19:20564,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:21:03 -6:00 GMT,12.230.74.36:20860,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:22:08 -6:00 GMT,12.230.74.36:20916,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:22:38 -6:00 GMT,12.230.74.36:20962,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:23:08 -6:00 GMT,12.230.74.36:20994,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:24:42 -6:00 GMT,158.152.155.250:4003,216.17.89.86:1214,TCP (flags

---

YGM and PM. Info in our records suggests this was not a hacker attack.

AnandTech Moderator
 

altonb1

Diamond Member
Feb 5, 2002
This might not help a lot, but here is what I could find about that IP:

<PRE>US Internet Corp (NETBLK-USINET-BLK)
12450 Wayzata Boulavard12450
Minnatonka, MN 55305
US

Netname: USINET-BLK
Netblock: 216.17.0.0 - 216.17.95.255
Maintainer: USIC

Coordinator:
Lange, Kurt (KL476-ARIN) hostmaster@usinternet.com
952-253-3200 (FAX) 952-545-0302

Domain System inverse mapping provided by:

NS.USINTERNET.COM 205.219.138.11
NS2.USINTERNET.COM 205.219.138.81

Record last updated on 28-Jun-2001.
Database last updated on 9-Mar-2002 19:56:49 EDT.

</PRE>
 

PowerYoga

Diamond Member
Nov 6, 2001
I found that too, but it's not too useful. US Internet services didn't have anything where you can look up an IP address, and their technical support is for customers only. I also realized that when I sign on to Kazaa the pinging/attack stops. Any more ideas?
 

altonb1

Diamond Member
Feb 5, 2002
Kazaa has spy-ware. Get rid of it and use Morpheus.

Otherwise, umm, I have no idea. You say it STOPS when you begin using Kazaa? That sounds odd, actually... I would think it would be the other way around. Kazaa has an option to include ping times in with your search results, so opening Kazaa would create more ping activity when people search for files and find a match on your system.
 

PowerYoga

Diamond Member
Nov 6, 2001
I removed the spyware from Kazaa, and Morpheus is down for the time being.
It DOES stop after I load up Kazaa... strange, yes?
 

Funkatron969

Junior Member
Mar 10, 2002
Why in the world would someone want to use Kazaa? It's full of spyware. But it's your system and not mine, so go ahead and use it, but hey, if you want to remove that spy-ware bd there are a couple of crack sites that give a how-to guide.

I'd say search on Google for the sites.

But I'd stick to Morpheus or Direct Connect.
 

n0cmonkey

Elite Member
Jun 10, 2001
What port does KAZAA sit on? 18373? If so, they seem to think you are connected when you aren't. Those are weird ports for someone to be scanning...
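An added example, not part of the original thread: one way to triage a firewall log in the format posted above (type, date, time, source address:port, destination address:port, transport) is to group blocked inbound packets by source and count the distinct destination ports each source touched. The sample lines are constructed with documentation addresses, and the five-port threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's log format; the addresses are documentation
# ranges, not the thread's. The last line is cut off on purpose.
SAMPLE_LOG = """\
FWIN,2002/03/09,00:36:56 -6:00 GMT,192.0.2.10:18373,203.0.113.5:1214,TCP (flags:S)
FWIN,2002/03/09,00:37:56 -6:00 GMT,192.0.2.10:18434,203.0.113.5:1214,TCP (flags:S)
FWIN,2002/03/09,00:38:34 -6:00 GMT,192.0.2.77:3484,203.0.113.5:1214,TCP (flags:S)
FWIN,2002/03/09,00:42:56 -6:00 GMT,192.0.2.10:18712,203.0.113.5:1214,TCP (flags:S)
FWOUT,2002/03/09,01:00:59 -6:00 GMT,203.0.113.5:2207,203.0.113.53:53,UDP
FWIN,2002/03/09,01:10:01 -6:00 GMT,198.51.100.9:4000,203.0.113.5:21,TCP (flags:S)
FWIN,2002/03/09,01:10:01 -6:00 GMT,198.51.100.9:4001,203.0.113.5:22,TCP (flags:S)
FWIN,2002/03/09,01:10:02 -6:00 GMT,198.51.100.9:4002,203.0.113.5:23,TCP (flags:S)
FWIN,2002/03/09,01:10:02 -6:00 GMT,198.51.100.9:4003,203.0.113.5:25,TCP (flags:S)
FWIN,2002/03/09,01:10:03 -6:00 GMT,198.51.100.9:4004,203.0.113.5:80,TCP (flags:S)
FWIN,2002/03/09,01:24:42 -6:00 GMT,192.0.2.77:4003,203.0.113.5:1214,TCP (flags
"""

LINE = re.compile(
    r"^(FWIN|FWOUT),(\d{4}/\d\d/\d\d),(\d\d:\d\d:\d\d) \S+ GMT,"
    r"([\d.]+):(\d+),([\d.]+):(\d+),(TCP|UDP)(?: \(flags:(\w+)\))?$"
)
SCAN_PORT_THRESHOLD = 5  # assumed cut-off: distinct destination ports per source

def parse(log_text):
    """Return (records, skipped); truncated or malformed lines are counted, not guessed."""
    records, skipped = [], 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE.match(line)
        if not m:
            skipped += 1
            continue
        direction, _date, _time, src, sport, dst, dport, proto, flags = m.groups()
        records.append((direction, src, int(sport), dst, int(dport), proto, flags))
    return records, skipped

def classify_sources(records):
    """Label each inbound source by how many distinct destination ports it tried."""
    ports, hits = defaultdict(set), defaultdict(int)
    for direction, src, _sport, _dst, dport, proto, _flags in records:
        if direction == "FWIN":
            ports[src].add((proto, dport))
            hits[src] += 1
    verdicts = {}
    for src, n in hits.items():
        scan = len(ports[src]) >= SCAN_PORT_THRESHOLD
        verdicts[src] = ("port scan" if scan else "repeated attempts", n, sorted(ports[src]))
    return verdicts
```

The source port changes on every new connection attempt, so only the destination side is counted. A source that keeps retrying one destination port is labelled differently from one that walks across many.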