WTF? Is someone trying to hack me?

[Mork]

I've gotten about 35 alerts from ZA saying this guy has been probing my ports. I did a WHOIS and its some dude in the University of Oklahoma. Should I complain to the Admin @ UO?

 

[Russ]

Which ports? He may not even know he's doing it; could be a trojan he contracted that's scanning your subnet.

Russ, NCNE

 

[hzl eyed grl]

<< I've gotten about 35 alerts from ZA saying this guy has been probing my ports. I did a WHOIS and its some dude in the University of Oklahoma. Should I complain to the Admin @ UO? >>


You mean you didn't feel him probing your ports? :Q

 

[Mork]

Well, Here's ZA's log

FWIN,2002/01/29,17:35:59 -8:00 GMT,129.15.122.21:3201,xxxxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:36:03 -8:00 GMT,129.15.122.21:51485,xxxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:36:20 -8:00 GMT,129.15.122.21:53840,xxxxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:36:25 -8:00 GMT,129.15.122.21:3098,xxxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:36:33 -8:00 GMT,129.15.122.21:48026,xxxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:36:36 -8:00 GMT,129.15.122.21:48928,xxxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:36:48 -8:00 GMT,129.15.122.21:3335,xxxxxxx80,TCP (flags:S)

FWIN,2002/01/29,17:37:08 -8:00 GMT,129.15.122.21:38367,xxxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:37:33 -8:00 GMT,129.15.122.21:12311,xxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:37:33 -8:00 GMT,68.52.89.153:62426,xxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:37:36 -8:00 GMT,129.15.122.21:16369,xxxxx80,TCP (flags:S)

FWIN,2002/01/29,17:37:42 -8:00 GMT,129.15.122.21:47447,xxxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:38:16 -8:00 GMT,129.15.122.21:36587,xxxxxxx,TCP (flags:S)

FWIN,2002/01/29,17:38:17 -8:00 GMT,129.15.122.21:58035,xxxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:38:18 -8:00 GMT,129.15.122.21:32457,xxxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:38:35 -8:00 GMT,129.15.122.21:35273,xxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:38:51 -8:00 GMT,129.15.122.21:59571,xxxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:39:03 -8:00 GMT,129.15.122.21:4727,xxxxx:80,TCP (flags:S)

FWIN,2002/01/29,17:39:25 -8:00 GMT,129.15.122.21:27330,xxxxxx:80,TCP (flags:S)


xxxxxxx= my ip

 

[Adul]

You must dirty now.

 

[Mork]

<< You must dirty now. >>





Ok . .. . . .?

You some Saigon whore?

 

[rayma2]

<<

<< I've gotten about 35 alerts from ZA saying this guy has been probing my ports. I did a WHOIS and its some dude in the University of Oklahoma. Should I complain to the Admin @ UO? >>


You mean you didn't feel him probing your ports? :Q >>




LOL

 

[Bulk Beef]

<<

<< You must dirty now. >>





Ok . .. . . .?

You some Saigon whore? >>

Me love you long time.:Q

 

[UberNeuman]

Mork - could you shut off your firewall for a couple seconds... I just want to check something...

 

[Maleficus]

ph33r the AOl h4x0rz

 

[Russ]

Mork,

Since it's all port 80, it looks like Code Red or one of it's variants. Since it's coming from a college, it's probably some numbnuts kid running an un-patched IIS server dishing up FTP to his buddies. I get hundreds of these a day to my servers.

YES, report his lame ass.

Russ, NCNE

 

[Mork]

Russ, how would i go about reporting him? Should I eMail the admin @ OU?

 

[Russ]

Yep. Be sure and include the IP address and a note that you think it's probably Code Red. The more of these idiots we can get off the web, the better.

Russ, NCNE

 

[tim0thy]

haha... i just put up an IIS server and patched it up to all the hotfixes before putting in the ethernet wire. haha... first thing... that numbnut virus and code blah.

 

[stev0]

this is off topic..but..

Russ... you must be some sort of an all-knowing computer god.

 

[Russ]

stev0,

Not hardly. As each day passes, I realize that I know more and more about less and less. By the time I die, I will know everything about nothing.

Russ, NCNE

 

[pyonir]

<< stev0,

Not hardly. As each day passes, I realize that I know more and more about less and less. By the time I die, I will know everything about nothing.

Russ, NCNE >>


you already know everything about nothing don't you?

 

[Beau]

<<

<< stev0, Not hardly. As each day passes, I realize that I know more and more about less and less. By the time I die, I will know everything about nothing. Russ, NCNE >>

you already know everything about nothing don't you? >>



Nope reverse that..... Nothing about Everything...

 

[kulki]

Russ eventhough at times ur extremely annoying ur good when it comes to computers. The only time u make sense is when u talk about computers.

 

[Russ]

<< The only time u make sense is when u talk about computers. >>



kulki,

I always make sense. It is not my fault that your brain is still in the formulative stage and is frequently incapable of grasping the complicated nuance of my words.

Russ, NCNE

 

[Geekbabe]

<< haha... i just put up an IIS server and patched it up to all the hotfixes before putting in the ethernet wire. haha... first thing... that numbnut virus and code blah. >>



a link to where to d/load all the patches and fixes would be muchly appreciated, I'd like to bring my dualie online and I hate hunting thru the MS site.

 

[JediHacker]

Mork whats your ip#? So i can test your firewall

J/K or was I?

 

[Russ]

Jean,

Check here regularly.

While you're at it, grab this tool.

Russ, NCNE

 

[Geekbabe]

<< Jean,

Check here regularly.

While you're at it, grab this tool.

Russ, NCNE >>





Hey thanks



Btw,this puppy rocks

 

[bcterps]

I go to windowsupdate.microsoft.com pretty regularly, as long as I have all the critical updates, etc. I should be ok right? I'll have to try that url scan thing when I get home from work.

--Ben