[SOLVED] Hack Attempt

bremner · 03-17-2009, 10:39 PM

Hi,

I think some one has attempted to hack my ms 2003 server

Just wondering if some one could take a look at the attached file and tell me what they think. The attached file is a log from a netcomm nb6 modem/router which acts as the main gateway for my users and server.

I have traced most of the ip addresses and they seem to be from china bar a few.
Any Information anyone could give would really be appreciated

grue155 · 03-18-2009, 08:36 PM

Yes, these look like port probes. But, there's nothing unique about them as this seems to be the usual junk on the Internet these days. The dayjob DMZ routers see very much the same thing. If you don't have services available on the respective ports, the probes are harmless. Occasionally interresting reading, but harmless.

bremner · 03-19-2009, 08:13 AM

thanks for the info

**kinbard** · 03-19-2009, 08:42 AM

Looks like some port scanning. Can't get on the internet now a days without it happening.

derek_jones_36 · 03-29-2009, 05:52 AM

Aren't there firewalls out there that use stealth modes for the available ports so they can't be probed??

Jones

grue155 · 03-30-2009, 12:24 PM

Wouldn't make any difference. The dayjob routers record probes aimed at IP addresses that aren't attached to any hardware. A lot of the probe packets are from zombie machines, and they will simply scan a block of addresses whether there is anything there to be scanned or not.

Firewalls that are in stealth mode simply don't return error messages (ICMP unreachable packets) when a probe comes in to a port that isn't listening for anything. The firewall either blocks the inbound packet, or eats the outbound ICMP packet, or both.

03-18-2009, 08:36 PM	#2 (permalink)
grue155 Registered User Join Date: May 2008 Posts: 240 OS: LAN Herder	Re: Hack Attempt Yes, these look like port probes. But, there's nothing unique about them as this seems to be the usual junk on the Internet these days. The dayjob DMZ routers see very much the same thing. If you don't have services available on the respective ports, the probes are harmless. Occasionally interresting reading, but harmless.

03-19-2009, 08:13 AM	#3 (permalink)
bremner Registered User Join Date: Jun 2008 Posts: 160 OS: Server 2003	Re: Hack Attempt thanks for the info

03-19-2009, 08:42 AM	#4 (permalink)
kinbard TSF Enthusiast Join Date: Jun 2006 Location: Texas Posts: 3,459 OS: Experimenter	Re: Hack Attempt Looks like some port scanning. Can't get on the internet now a days without it happening. __________________ Half viking, half pirate, stronger than both XP Repair Malware Removal Vista Repair Downgrade Vista

03-29-2009, 05:52 AM	#5 (permalink)
derek_jones_36 Registered User Join Date: Nov 2008 Location: Toronto, Ontario, Canada Posts: 475 OS: Windows Vista Ultimate 64 bit SP2 My System	Re: Hack Attempt Aren't there firewalls out there that use stealth modes for the available ports so they can't be probed?? Jones __________________ "Look at it this way...If Everyone Lived Forever, where would you Park?"

03-30-2009, 12:24 PM	#6 (permalink)
grue155 Registered User Join Date: May 2008 Posts: 240 OS: LAN Herder	Re: Hack Attempt Wouldn't make any difference. The dayjob routers record probes aimed at IP addresses that aren't attached to any hardware. A lot of the probe packets are from zombie machines, and they will simply scan a block of addresses whether there is anything there to be scanned or not. Firewalls that are in stealth mode simply don't return error messages (ICMP unreachable packets) when a probe comes in to a port that isn't listening for anything. The firewall either blocks the inbound packet, or eats the outbound ICMP packet, or both.