A Special Message for Common Ground Members

It has come to my attention that email addresses may be being harvested here for the purpose of distributing unsolicited pornography. Please remove all references to your email address when visiting. If you are currently receiving illegal pornographic unsolicited email, please send a PM (Personal Message) to the Administrator. My apologies for this inconvenience.

 

Common Ground / Security Blanket - Computer Questions / ISP thread?
Coastalwader
Cast Member



Posts: 935
Registered: Aug 2002
 Posted 09-02-02 09:59 PM                
Should we be combining these into one thread? It would sure make it easier to check some of these pings against some that others are getting.


King Unca Bubba Lord DisneyTex

Lunarlady
Cast Member



Posts: 1629
Registered: Aug 2002
 Posted 09-03-02 08:04 AM                
Great idea, Crank!

Here are the most common addresses from the hackers that attempted my computer:

209.202.218.131
209.202.218.129
209.202.218.122
216.136.233.134
216.136.224.142

A whole week of peaceful bliss, beginning with a giggle and ending with a kiss.
Coastalwader
Cast Member



Posts: 935
Registered: Aug 2002
 Posted 09-03-02 08:37 AM                
A few others that have been posted

62.234.82.141
128.121.26.136
61.131.28.64
61.131.28.95

King Unca Bubba Lord DisneyTex

Tink *~*~*
Cast Member



Posts: 1066
Registered: Aug 2002
 Posted 09-03-02 10:56 PM                
And let us not forget the infamous intruder from Hamburg, which is how I formed my recent clean undies deficit (watching in fascination this hacking exercise while I was supposed to be at the laundromat)

195.143.215.170
Tink *~*~*
Coastalwader
Cast Member



Posts: 935
Registered: Aug 2002
 Posted 09-04-02 07:55 AM                
217.225.102.101

getting hammered this am.
King Unca Bubba Lord DisneyTex

Coastalwader
Cast Member



Posts: 935
Registered: Aug 2002
 Posted 09-04-02 07:55 PM                
207.218.206.32

a pm one
King Unca Bubba Lord DisneyTex

Coastalwader
Cast Member



Posts: 935
Registered: Aug 2002
 Posted 09-05-02 10:34 AM                
24.29.0.157

this am
King Unca Bubba Lord DisneyTex

Lunarlady
Cast Member



Posts: 1629
Registered: Aug 2002
 Posted 09-05-02 03:51 PM                
Oddly enough, since my report to my ISP, I haven't been a 'victim' of repeated probings. Hmmm....wonder why?
A whole week of peaceful bliss, beginning with a giggle and ending with a kiss.
Coastalwader
Cast Member



Posts: 935
Registered: Aug 2002
 Posted 09-05-02 08:36 PM                
80.11.32.43

the fun continues
King Unca Bubba Lord DisneyTex

Tink *~*~*
Cast Member



Posts: 1066
Registered: Aug 2002
 Posted 09-05-02 11:17 PM                
quote:
Coastalwader wrote:
24.29.0.157

this am


I believe that IP addresses that start with a "24" are Optimum Online. Did you run a "whois" on this?
Tink *~*~*
Mousefan
Cast Member



Posts: 111
Registered: Aug 2002
 Posted 09-06-02 04:36 PM                
213.189.81.16

Just attempted to activate a trojan horse on my system. Firewall blocked it. This traces back to qualitynet.net in Kuwait.

I emailed them to find out where to file my abuse report. I'm also forwarding it to AOL's fraud people as well.

Amy
MidNite
Cast Member



Posts: 263
Registered: Aug 2002
 Posted 09-06-02 06:39 PM                
You guys should get Neotrace. Go to download.com and do a search. It's shareware.


[Edited by MidNite]


MidNite's °o° Disney Dreaming


Robey
Cast Member



Posts: 1023
Registered: Aug 2002
 Posted 09-28-02 10:49 PM                
quote:
Mousefan wrote:
213.189.81.16

Just attempted to activate a trojan horse on my system. Firewall blocked it. This traces back to qualitynet.net in Kuwait.

I emailed them to find out where to file my abuse report. I'm also forwarding it to AOL's fraud people as well.

Amy



Amy..did a trace at:

This originated in Santa Clara, CA

I always wondered why somebody didn't do something about that. Then I realized I was somebody. --Lily Tomlin
TnDizNut
Cast Member



Posts: 287
Registered: Aug 2002
 Posted 09-29-02 11:09 AM                
I have done a trace on over half the IPs in my firewall log and every one of them...starts in Santa Clara, CA. Now this seems a bit odd to me and granted I am a novice at this stuff but there has to be an explanation...could that be a major "hub" so to speak for the internet? I find it hard to believe that would be targeting my PC as I mostly lurked over at 's site and I don't get involved with any of the debates here...I just don't get it. I even did a trace on a couple outgoing alerts from my PC and it shows Santa Clara as well tracing backwards to first hop....so now I'm REALLY confused by all this tracing stuff.
* banging head against wall*

TnDizNut (AKA Mermaid and chief resident of the good ship sticky Mickey Hottub who is sensitive to phrases like ...tuna melt... tunaBABE...poached salmon...stuffed flounder so on and so forth )




check here for avatars, PM me if you find one you like somewhere else and I will upload it to the site for you http://home.bellsouth.net/p/PWP-DiznutsRus

check out my other home where you can get some great disney buddy icons for aim at http://www.realdisney.com
judy
Cast Member



Posts: 413
Registered: Aug 2002
 Posted 09-29-02 11:23 PM                
64.12.32.34

from Santa Clara California

I also found "spyware" files on my computer
[Edited by judy]
judy
dizneemom
Cast Member

Posts: 90
Registered: Aug 2002
 Posted 09-30-02 09:14 AM                
This AM:

147.208.171.131

Santa Clara, CA

Hmmmm.....

Judy and Amy,
I traced the IPs you gave as well as numerous "hits" I had this AM all back to the same source in Santa Clara (see above).

I did a whois and came up with this:

147.208.171.131
Host unreachable

147.208.171.128 - 147.208.171.191

Symantec Corporation
10201 Torre Avenue Cupertino, CA 95014
United States

Chambers, Renee
+1-503-614-7906
sscadmin@symantec.com

SYMANTEC-INTELONLINE
Created: 2001-03-12
Updated: 2002-04-23
Source: whois.arin.net

It's interesting that they all originate in the same place but I don't know what the connection might be.


[Edited by dizneemom]
Lisa D
----------------------------------------
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
- Albert Einstein (1879-1955)
annie
Cast Member



Posts: 321
Registered: Aug 2002
 Posted 09-30-02 02:32 PM                
This is from the Symantec Trace A Potential Attack FAQ:

12. Does the trace originate from my computer or the Symantec Security Check server?
The trace originates from the Symantec Security Check server.



Symantec's security server is located in Santa Clara, which is why everyone is tracing back to Santa Clara (including me...)

I'm no expert, but I think this is the wrong tree we're barking up!


"Are the fires of Hell a-glowing? Is the grisly reaper mowing? Who can provide the world with the answer to these pressing questions?"

"The candy man can," Rumsfeld added grimly.

TnDizNut
Cast Member



Posts: 287
Registered: Aug 2002
 Posted 09-30-02 07:13 PM                
quote:
annie wrote:
This is from the Symantec Trace A Potential Attack FAQ:

12. Does the trace originate from my computer or the Symantec Security Check server?
The trace originates from the Symantec Security Check server.



Symantec's security server is located in Santa Clara, which is why everyone is tracing back to Santa Clara (including me...)

I'm no expert, but I think this is the wrong tree we're barking up!





You're exactly right, Robey rec'd an email back from them (Intel) saying they host Symantec's website so all searches from the traceroute system done on Symantec's website will show as Santa Clara being the first hop, they said that queries need to be made to the IP in the last hop as that is the one that was actually trying to gain access or blocked by firewall.
Crank
Administrator



Posts: 1957
Registered: Aug 2002
 Posted 10-02-02 01:34 PM                
quote:
TnDizNut wrote:


You're exactly right, Robey rec'd an email back from them (Intel) saying they host Symantec's website so all searches from the traceroute system done on Symantec's website will show as Santa Clara being the first hop, they said that queries need to be made to the IP in the last hop as that is the one that was actually trying to gain access or blocked by firewall.



Another good online traceroute:

http://security1.norton.com/ssc/vr_...WYDMGJCDBXWVPGC
I like persons better than principles, and I like persons with no principles better than anything else in the world.
Oscar Wilde, The Picture of Dorian Gray, 1891

BOYCOTT FRENCH TOAST, GERMAN SAUSAGE AND BELGIAN CHOCOLATES

Crank-->

All Content is © the Poster and is to be considered Intellectual Property. All Rights Reserved. Though Brilliant, Breathtaking and Extremely Well Written the Content contained herein is Opinion and Opinion only.

ib4cruzn at charter dot net
Crank
Administrator



Posts: 1957
Registered: Aug 2002
 Posted 10-02-02 01:45 PM                
quote:
Coastalwader wrote:
207.218.206.32

a pm one



Hey, this one comes from Houston!

"Everyone's Internet, Inc."

Created on..............: Thu, Oct 29, 1998
Expires on..............: Thu, Oct 28, 2010
Record last updated on..: Wed, Aug 29, 2001

Administrative Contact:
Everyone's Internet
Robert Marsh
2600 Southwest Freeway
Houston, TX 77098
US
Phone: 713-400-5400
Fax..: 713-942-9332
Email: ram@ev1.net

Technical Contact:
Everyone's Internet
Robert Marsh
2600 Southwest Freeway
Houston, TX 77098
US
Phone: 713-400-5400
Fax..: 713-942-9332
Email: ram@ev1.net

Zone Contact:
Everyone's Internet
Robert Marsh
2600 Southwest Freeway
Houston, TX 77098
US
Phone: 713-400-5400
Fax..: 713-942-9332
Email: ram@ev1.net

Domain servers in listed order:

NS2.EV1.NET 216.88.77.7
NS1.EV1.NET 216.88.76.6
Crank
Administrator



Posts: 1957
Registered: Aug 2002
 Posted 10-02-02 01:55 PM                
quote:
Lunarlady wrote:
Great idea, Crank!





We're interchangeable...
Robey
Cast Member



Posts: 1023
Registered: Aug 2002
 Posted 10-02-02 02:08 PM                
quote:
TnDizNut wrote:
You're exactly right, Robey rec'd an email back from them (Intel) saying they host Symantec's website so all searches from the traceroute system done on Symantec's website will show as Santa Clara being the first hop, they said that queries need to be made to the IP in the last hop as that is the one that was actually trying to gain access or blocked by firewall.



I should have posted it here. Thanks.
Several whoopings for me.....
Here it is:

Intel host the Norton site, and as such we always show up as one of the first hops on a traceroute when you click "show details". This in no way indicates that we would have anything to do with an attack. You are only interested in the last two hops in determining the source of an attack. If you still have security concerns and would like us to look into something that you believe originates from a network Intel owns, more complete information such as router logs, source address and ports, and packet traces if possible are required.
[Edited by Robey]
I always wondered why somebody didn't do something about that. Then I realized I was somebody. --Lily Tomlin
Coastalwader
Cast Member



Posts: 935
Registered: Aug 2002
 Posted 11-07-02 09:51 AM                
quote:
Coastalwader wrote:
A few others that have been posted

62.234.82.141
128.121.26.136
61.131.28.64
61.131.28.95



I have been remiss in adding ISPs here. I've been getting an average of 10-12 a day for at least a week. I just got tired of keeping track of the ISPs. They seem to stop when I start posting them. So, back to posting them.
62.211.226.33
67.82.175.32
24.166.23.76

Someone on address cm195.248.120.24.lvcm.com [24.120.248.195] wants to send ICMP packet to your machine


[Edited by Coastalwader]
King Unca Bubba Lord DisneyTex

Susan
Cast Member



Posts: 60
Registered: Aug 2002
 Posted 11-07-02 05:05 PM                
Here are the ones I have been hit with today:

65.135.31.186
62.211.226.33
68.65.67.203
195.248.120.24
141.157.166.166
209.79.197.59

This is more activity than I have seen in a single day.

Susan

Coastalwader
Cast Member



Posts: 935
Registered: Aug 2002
 Posted 11-07-02 05:15 PM                
Susan and I have two matches today.

ANYBODY??????????????


King Unca Bubba Lord DisneyTex
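
Added example, not part of any member's post: a Python sketch of the cross-checking the thread is doing by hand, run on the entries from the two 11-07-02 posts above. The function names are hypothetical, and the reversed-octet comparison rests on the assumption that an entry such as 195.248.120.24 was read off a reverse-DNS hostname (cm195.248.120.24.lvcm.com), where the octets appear backwards; the bracketed address is the one the firewall logged.

```python
import re
from ipaddress import IPv4Address

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
BRACKETED = re.compile(r"\[(" + IPV4 + r")\]")                   # "host.name [a.b.c.d]"
BARE = re.compile(r"(?<![\w.-])(" + IPV4 + r")(?![\w-]|\.\w)")   # not part of a hostname

def source_ip(line):
    """Source address of one alert line or list entry as a string, else None."""
    # Prefer the bracketed address: the hostname before it may embed digits too.
    m = BRACKETED.search(line) or BARE.search(line)
    if not m:
        return None
    try:
        return str(IPv4Address(m.group(1)))   # rejects octets above 255
    except ValueError:
        return None

def reversed_octets(ip):
    """a.b.c.d -> d.c.b.a, the order many ISP reverse-DNS names use."""
    return ".".join(reversed(ip.split(".")))

def correlate(a_lines, b_lines):
    """Return (addresses in both logs, addresses in a whose reversed form is in b)."""
    a = {ip for ip in map(source_ip, a_lines) if ip is not None}
    b = {ip for ip in map(source_ip, b_lines) if ip is not None}
    exact = a & b
    flipped = {ip for ip in a - exact if reversed_octets(ip) in b}
    return sorted(exact, key=IPv4Address), sorted(flipped, key=IPv4Address)

# Entries copied from the two 11-07-02 posts in this thread.
COASTALWADER = [
    "62.211.226.33", "67.82.175.32", "24.166.23.76",
    "Someone on address cm195.248.120.24.lvcm.com [24.120.248.195] "
    "wants to send ICMP packet to your machine",
]
SUSAN = ["65.135.31.186", "62.211.226.33", "68.65.67.203",
         "195.248.120.24", "141.157.166.166", "209.79.197.59"]

if __name__ == "__main__":
    exact, flipped = correlate(COASTALWADER, SUSAN)
    print("same address in both logs:", exact)
    print("match only after reversing octets:", flipped)
```

A whois query should be run on the bracketed form of a reversed-octet match, since the other spelling is a different address that may belong to an unrelated network.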

Coastalwader
Cast Member



Posts: 935
Registered: Aug 2002
 Posted 11-07-02 09:18 PM                
Someone on address ip68-105-130-205.tc.ph.cox.net [68.105.130.205] wants to send ICMP packet to your machine
King Unca Bubba Lord DisneyTex

Coastalwader
Cast Member



Posts: 935
Registered: Aug 2002
 Posted 11-07-02 10:05 PM                
Someone from 200.68.181.5, port 2859 wants to send UDP datagram to port *** owned by 'Generic Host Process for Win32 Services' on your computer
King Unca Bubba Lord DisneyTex

Coastalwader
Cast Member



Posts: 935
Registered: Aug 2002
 Posted 11-07-02 10:31 PM                
Someone on address dsl-11-137.tenforward.com [65.161.11.137] wants to send ICMP packet to your machine
King Unca Bubba Lord DisneyTex

Coastalwader
Cast Member



Posts: 935
Registered: Aug 2002
 Posted 11-11-02 06:35 AM                
Someone on address ool-4352aefa.dyn.optonline.net [67.82.174.250] wants to send ICMP packet to your machine

Someone from 211.114.116.253, port 1042 wants to send UDP datagram to port *** owned by 'Generic Host Process for Win32 Services' on your computer

Someone on address adsl-216-102-105-78.dsl.scrm01.pacbell.net [216.102.105.78] wants to send ICMP packet to your machine

Someone on address AC97E0B9.ipt.aol.com [172.151.224.185] wants to send ICMP packet to your machine

Someone from 210.68.113.36, port 1616 wants to send UDP datagram to port *** owned by 'Generic Host Process for Win32 Services' on your computer
King Unca Bubba Lord DisneyTex
