Post by lfl91 on Jun 21, 2006 0:18:17 GMT -5
I copied these posts from another site that indicates they are apparently getting hacked from the same address that we suspect hit a few of us on the AE board. I wonder if we have anything in common.
john albrich Mar 09, 2006, 11:27 PM
Within the past week or so, my system started reporting hacking attempts against my computer.
The source is identified as
222.122.52.102:xxxx, where xxxx varies with each attempt.
Anyone else seeing this? (trying to determine if this is a widespread attack or targeted)
====================================
"You can't expect to wield supreme executive power just because some watery tart threw a sword at you."--Monty Python
Mr. McFly Mar 09, 2006, 11:32 PM
Re: Recent hacking attempts by 222.122.52.102.xxxx
As long as your firewall(s) is/are taking care of it, I wouldn't even worry about it. That could be almost anything, even just a ping. BTW, the number after the colon is the remote port number.
Post Edited On: Mar 09, 2006, 11:33 PM
_______ www.openwrt.org _______
AMD Athlon 64 3200+ Venice (2.60 GHz)
DFI LANParty UT nF4 Ultra-D
2GB G.SKILL Extreme Series (DDR520, 3-4-3-8 1T)
connect3D ATI Radeon X800GTO (R423, 16p, 540/1060)
Windows XP Professional x64 Edition
Matt Tonner Mar 10, 2006, 12:26 AM
Re: Recent hacking attempts by 222.122.52.102.xxxx
Are you wireless? Could be someone trying to 'borrow' bandwidth.
__________________________
| Specs of my computer in bio. |
a a Mar 10, 2006, 01:07 AM
Re: Recent hacking attempts by 222.122.52.102.xxxx
hack his a$$ back ! or just don't care about it lol
john albrich Mar 10, 2006, 02:08 AM
Re: Recent hacking attempts by 222.122.52.102.xxxx
I used the "xxxx" because I realize it's just sub-port IDs running under the same base address. Since it's going to keep changing, I saw no point in being specific for those 4 digits. This might not even be the original source if someone's covering their tracks.
I know this happens, and I'll keep up the security, but I'm really more interested in if this hacker is trying to hack a lot of computers or just onesy-twoesy piddling stuff. It's new repeating activity, so I thought there could be something else to it. And, if a number of other people were all recently getting touched by the same entity it would put it into a more significant category.
Now this has me wondering if the various security software companies compile any info of this type when/if they get security reports from user computers, and if they do, what they do with it (like report it to the feds, etc.)? In other words, does anyone try to go after these attackers actively, or do they all just sit back and only write defense software?
If I wrote the security software, I'd tell the user a lot more than just an address. I'd go out and get the info on the originating country (or with as much granularity as possible), send an inquiry to the security software company to see if this tracks with any known scams, spyware injectors, etc., and let the user know exactly what's going on and what kind of potential threat it might represent.
Just essentially telling someone "Hey, this is a HIGH THREAT to your computer security, and here's the address" and then nothing ...seems kind of lame, unproductive, and it would likely needlessly scare a lot of casual users to the point where they panic. But, maybe that's the objective...to keep them in a state of panic so they'll keep buying every piece of security software on the planet.
Guess it's research time.
Michael Adames-Hill Mar 10, 2006, 03:15 AM
Re: Recent hacking attempts by 222.122.52.102.xxxx
John,
The IP is registered to the Asia Pacific Network Information Centre in Australia. If you are on a dynamic high-speed connection such as mine is: check your IP, disconnect the modem for a few seconds, and turn it back on to obtain a new IP. (This works for me on SBC, not sure how other ISPs do things.) If things continue I'd consider looking into things deeper.
Kind regards,
Michael Adames-Hill
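On the thread's point that the number after the colon is the remote port, here is an added example (not part of any post above) that groups firewall alerts by remote address so that a changing source port does not look like many different sources. The alert layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample alerts; the "remote -> local_port" layout is an assumed format.
SAMPLE_ALERTS = [
    "222.122.52.102:4312 -> 135",
    "222.122.52.102:4313 -> 135",
    "222.122.52.102:4377 -> 445",
    "198.51.100.7:51515 -> 22",
    "[2001:db8::5]:40000 -> 22",
    "not an alert line",
]

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, sep, port = endpoint.rpartition(":")
    if not sep or not port.isdigit() or int(port) > 65535:
        raise ValueError(f"no valid port in {endpoint!r}")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    elif ":" in host:
        raise ValueError(f"IPv6 address needs brackets: {endpoint!r}")
    return ipaddress.ip_address(host), int(port)

def summarize(alerts):
    """Group alerts by remote address; return (per-address summary, skipped count)."""
    seen = defaultdict(lambda: {"hits": 0, "remote_ports": set(), "local_ports": set()})
    skipped = 0
    for line in alerts:
        try:
            remote, local = (part.strip() for part in line.split("->"))
            addr, remote_port = split_endpoint(remote)
            local_port = int(local)
        except ValueError:  # malformed line, bad address or bad port
            skipped += 1
            continue
        entry = seen[str(addr)]
        entry["hits"] += 1
        entry["remote_ports"].add(remote_port)  # changes per connection attempt
        entry["local_ports"].add(local_port)    # what is actually being probed
    return dict(seen), skipped

if __name__ == "__main__":
    summary, skipped = summarize(SAMPLE_ALERTS)
    for addr, info in sorted(summary.items(), key=lambda kv: -kv[1]["hits"]):
        print(addr, info["hits"], "hits, local ports", sorted(info["local_ports"]))
    print("skipped lines:", skipped)
```

The local ports column is usually the more informative one: it shows which service on your own machine the remote address keeps trying to reach.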