Winnukes, SYN Flood and IP Spoofing, Internet Abuse

TSDailyfree
post Aug 1 2007, 01:47 PM, updated 19y ago

New Member
*
Newbie
3 posts

Joined: Jul 2007
I have a problem locating the criminals who are trying their utmost best to interrupt my downloads and e-mail access.

I have the logs from my modem listed below. Can anyone help, as this has been going on for a while now and all my e-mails to Streamyx only get me automated replies. Come to think of it, the attacks have become worse after I e-mailed them?

01/01/1970 00:00:12> PPP1 PPPoE Session is established.
01/01/1970 00:00:15> PPP1 PAP Authentication success
01/01/1970 00:00:15> PPP1: PPP IP address is 124
01/01/1970 00:00:15> PPP1: PPP Gateway IP address is 219.93.218.177
01/01/1970 00:00:15> PPP1: DNS Primary IP address is 202.188.0.133
01/01/1970 00:00:15> PPP1: DNS Secondary IP address is 202.188.1.5
01/01/1970 00:00:15> NAT/NAPT Session Start: interface ppp1, WAN IP is 124
01/01/1970 00:00:15> No Static Session Information is defined.
01/01/1970 00:00:15> Firewall received interface change notice.
01/01/1970 00:00:16> DNS: Add IP address 202.188.0.133 (Auto discovered)
01/01/1970 00:00:16> DNS: Add IP address 202.188.1.5 (Auto discovered)
01/01/1970 00:00:16> PPP1 Session is up.
07/31/2007 00:11:37> Received time from Time Server 128.138.140.44
07/31/2007 00:13:02> Firewall:Winnuke detected,from 124.82.63.193

01/01/1970 00:00:16> PPP1 PPPoE Session is established.
01/01/1970 00:00:16> PPP1 PAP Authentication success
01/01/1970 00:00:16> PPP1: PPP IP address is 124
01/01/1970 00:00:16> PPP1: PPP Gateway IP address is 219.93.218.177
01/01/1970 00:00:16> PPP1: DNS Primary IP address is 202.188.0.133
01/01/1970 00:00:16> PPP1: DNS Secondary IP address is 202.188.1.5
01/01/1970 00:00:16> NAT/NAPT Session Start: interface ppp1, WAN IP is 124
01/01/1970 00:00:16> No Static Session Information is defined.
01/01/1970 00:00:16> Firewall received interface change notice.
01/01/1970 00:00:17> DNS: Add IP address 202.188.0.133 (Auto discovered)
01/01/1970 00:00:17> DNS: Add IP address 202.188.1.5 (Auto discovered)
01/01/1970 00:00:17> PPP1 Session is up.
08/01/2007 10:44:00> Received time from Time Server 128.138.140.44
08/01/2007 10:48:27> Firewall:Winnuke detected,from 124.82.89.83 to 124
08/01/2007 10:48:30> Firewall:Winnuke detected,from 124.82.89.83 to 124
08/01/2007 10:50:26> Firewall:Winnuke detected,from 124.82.87.26 to 124
08/01/2007 10:50:29> Firewall:Winnuke detected,from 124.82.87.26 to 124
08/01/2007 11:28:31> Firewall:Winnuke detected,from 124.79.114.164 to 124

Any help on how to trace an IP?


Thanks

The_Lestat
post Aug 1 2007, 04:18 PM

Getting Started
**
Junior Member
198 posts

Joined: Jul 2007


Use whois to find out what company the IP address belongs to and then report the IP using the Abuse link.

http://www.networksolutions.com/whois/

Not sure if there is a way to find out directly if they are spoofing that address.
bryanyeo87
post Aug 1 2007, 04:57 PM

Below the Belt
*******
Senior Member
3,175 posts

Joined: May 2006
If you're interested, and living around the PJ area, I can teach you how to counter attack using Linux, but I suspect that there is a trojan in your PC which is enabling them to track your IP changes.

This post has been edited by bryanyeo87: Aug 1 2007, 04:57 PM
The_Lestat
post Aug 1 2007, 10:56 PM

Getting Started
**
Junior Member
198 posts

Joined: Jul 2007


Interesting, I get these attacks too occasionally. Not an issue to me as my HW firewall just blocks all the attacks and ignores them.

Countering the attack would be fun though. I am not in the PG area though, are there any online resources you know of that show the process?


Added on August 1, 2007, 10:57 pm: I think they use torrent to get my IP

This post has been edited by The_Lestat: Aug 1 2007, 10:57 PM
hkpoh
post Aug 2 2007, 04:48 PM

Casual
***
Junior Member
311 posts

Joined: Jul 2005
From: Negeri Sembilan


"Winnuke detected" doesn't mean they are using winnuke, it's written there because 124.79.114.164 is connecting using port 6670. Open a command prompt (cmd.exe), and then net view to check if there is any weird port established. If yes, then you have to scan your PC already.
TSDailyfree
post Aug 5 2007, 10:55 AM

New Member
*
Newbie
3 posts

Joined: Jul 2007
QUOTE(hkpoh @ Aug 2 2007, 04:48 PM)
"Winnuke detected" doesn't mean they are using winnuke, it's written there because 124.79.114.164 is connecting using port 6670. Open a command prompt (cmd.exe), and then net view to check if there is any weird port established. If yes, then you have to scan your PC already.

How then is it possible that I see these in my Firewall log:

FWROUTE,2007/08/05,09:55:00 +8:00 GMT,10.0.0.2:0,10.0.0.9:0,ICMP (type:8/subtype:0)
FWROUTE,2007/08/05,09:55:00 +8:00 GMT,10.0.0.9:1053,10.0.0.2:53,UDP
FWIN,2007/08/05,09:55:16 +8:00 GMT,124.82.90.64:4693,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,09:56:08 +8:00 GMT,124.18.90.188:4352,10.0.0.9:135,TCP (flags:S
FWIN,2007/08/05,09:57:58 +8:00 GMT,190.17.64.6:1256,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:00:24 +8:00 GMT,60.50.27.13:4273,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:00:42 +8:00 GMT,67.85.90.63:62523,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:00:44 +8:00 GMT,67.85.90.63:62637,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:00:58 +8:00 GMT,124.82.8.27:4517,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:02:16 +8:00 GMT,124.82.8.27:4375,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:02:34 +8:00 GMT,190.17.64.6:2675,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:03:06 +8:00 GMT,71.184.220.89:49175,10.0.0.9:54906,TCP (flags:S)
FWIN,2007/08/05,10:03:28 +8:00 GMT,190.17.64.6:4851,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:03:32 +8:00 GMT,60.50.86.164:7109,10.0.0.9:14469,UDP
FWIN,2007/08/05,10:03:50 +8:00 GMT,124.82.1.245:3760,10.0.0.9:135,TCP (flags:S)
FWIN,2007/08/05,10:04:06 +8:00 GMT,124.188.244.76:3288,10.0.0.9:5900,TCP (flags:S)
FWIN,2007/08/05,10:04:10 +8:00 GMT,190.17.64.6:2339,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:04:26 +8:00 GMT,60.241.227.138:2966,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:04:40 +8:00 GMT,81.234.142.16:63133,10.0.0.9:8603,UDP
FWIN,2007/08/05,10:05:34 +8:00 GMT,190.17.64.6:1294,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:05:58 +8:00 GMT,124.82.12.89:3811,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:06:00 +8:00 GMT,60.241.227.138:3044,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:06:02 +8:00 GMT,67.85.90.63:63195,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:06:04 +8:00 GMT,67.85.90.63:63310,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:06:10 +8:00 GMT,67.85.90.63:63411,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:06:52 +8:00 GMT,77.64.9.133:55974,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:07:30 +8:00 GMT,190.17.64.6:4965,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:08:44 +8:00 GMT,124.82.12.89:4954,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:08:44 +8:00 GMT,124.82.10.65:1857,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:08:46 +8:00 GMT,124.82.94.169:3208,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:09:32 +8:00 GMT,190.17.64.6:1433,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:10:14 +8:00 GMT,190.17.64.6:2899,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:10:28 +8:00 GMT,83.25.206.36:0,10.0.0.9:0,ICMP (type:8/subtype:0)
FWIN,2007/08/05,10:10:40 +8:00 GMT,67.85.90.63:63992,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:10:42 +8:00 GMT,67.85.90.63:60014,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:10:48 +8:00 GMT,67.85.90.63:60074,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:12:06 +8:00 GMT,190.17.64.6:2604,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:12:16 +8:00 GMT,190.17.64.6:3329,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:12:16 +8:00 GMT,124.82.12.89:3980,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:13:08 +8:00 GMT,190.17.64.6:4809,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:13:12 +8:00 GMT,124.82.1.245:4304,10.0.0.9:135,TCP (flags:S)
FWIN,2007/08/05,10:13:30 +8:00 GMT,89.137.132.168:57091,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:14:12 +8:00 GMT,124.82.12.89:3409,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:15:06 +8:00 GMT,210.10.164.85:63205,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:15:06 +8:00 GMT,210.10.164.85:22958,10.0.0.9:7962,UDP
FWIN,2007/08/05,10:16:40 +8:00 GMT,124.82.90.64:3561,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:16:54 +8:00 GMT,124.82.90.64:4491,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:17:16 +8:00 GMT,190.17.64.6:1637,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:17:34 +8:00 GMT,221.4.255.140:17074,10.0.0.9:22715,UDP
FWIN,2007/08/05,10:17:38 +8:00 GMT,190.17.64.6:2370,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:18:22 +8:00 GMT,67.85.90.63:60600,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:18:24 +8:00 GMT,67.85.90.63:60709,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:18:26 +8:00 GMT,190.17.64.6:3839,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:18:30 +8:00 GMT,67.85.90.63:60816,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:18:58 +8:00 GMT,190.17.64.6:1343,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:19:40 +8:00 GMT,89.137.132.168:17986,10.0.0.9:7962,UDP
FWIN,2007/08/05,10:20:10 +8:00 GMT,218.171.151.183:2119,10.0.0.9:32000,TCP (flags:S)
FWIN,2007/08/05,10:21:10 +8:00 GMT,190.17.64.6:1818,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:21:24 +8:00 GMT,62.40.68.58:2697,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:21:32 +8:00 GMT,190.17.64.6:2569,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:21:50 +8:00 GMT,124.82.8.27:2936,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:21:52 +8:00 GMT,190.17.64.6:3310,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:22:20 +8:00 GMT,190.17.64.6:4062,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:22:52 +8:00 GMT,124.82.8.27:3894,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:23:06 +8:00 GMT,124.82.8.27:4397,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:23:48 +8:00 GMT,67.85.90.63:61201,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:23:50 +8:00 GMT,67.85.90.63:61317,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:23:56 +8:00 GMT,67.85.90.63:61395,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:23:58 +8:00 GMT,82.5.176.101:1919,10.0.0.9:59200,TCP (flags:S)
FWIN,2007/08/05,10:24:00 +8:00 GMT,82.5.176.101:26882,10.0.0.9:59200,UDPA
FWIN,2007/08/05,10:24:46 +8:00 GMT,81.234.142.16:62417,10.0.0.9:8603,UDP
FWIN,2007/08/05,10:24:46 +8:00 GMT,82.5.92.120:63458,10.0.0.9:7962,UDP
FWIN,2007/08/05,10:24:58 +8:00 GMT,218.111.161.46:2523,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:25:00 +8:00 GMT,218.111.161.46:17960,10.0.0.9:7962,UDP
FWIN,2007/08/05,10:25:10 +8:00 GMT,190.17.64.6:2088,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:27:12 +8:00 GMT,77.64.9.133:57863,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:27:26 +8:00 GMT,124.82.8.27:1720,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:29:26 +8:00 GMT,124.82.84.52:2741,10.0.0.9:135,TCP (flags:S)
FWIN,2007/08/05,10:29:52 +8:00 GMT,72.152.186.111:50138,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:30:26 +8:00 GMT,217.164.187.144:60716,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:30:38 +8:00 GMT,67.85.90.63:61835,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:30:40 +8:00 GMT,67.85.90.63:61951,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:30:50 +8:00 GMT,190.17.64.6:2253,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:31:06 +8:00 GMT,70.22.111.169:3178,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:31:42 +8:00 GMT,190.17.64.6:3752,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:32:04 +8:00 GMT,124.82.62.127:1247,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:32:18 +8:00 GMT,190.17.64.6:1273,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:33:14 +8:00 GMT,124.82.8.27:3749,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:34:12 +8:00 GMT,67.85.90.63:62433,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:34:16 +8:00 GMT,124.82.94.169:3559,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:34:22 +8:00 GMT,67.85.90.63:62593,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:35:36 +8:00 GMT,81.158.30.179:54514,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:36:50 +8:00 GMT,190.17.64.6:3038,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:36:50 +8:00 GMT,69.145.130.47:44082,10.0.0.9:6346,UDP
FWIN,2007/08/05,10:38:00 +8:00 GMT,124.82.62.219:3690,10.0.0.9:135,TCP (flags:S)
FWIN,2007/08/05,10:38:04 +8:00 GMT,190.17.64.6:1294,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:38:24 +8:00 GMT,124.82.8.27:3663,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:38:38 +8:00 GMT,124.82.8.27:3390,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:38:50 +8:00 GMT,69.181.143.33:4622,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:39:02 +8:00 GMT,67.85.90.63:62999,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:39:12 +8:00 GMT,67.85.90.63:63171,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:39:44 +8:00 GMT,190.17.64.6:1085,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:39:56 +8:00 GMT,124.82.94.169:4653,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:40:00 +8:00 GMT,124.82.12.89:3811,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:40:44 +8:00 GMT,190.17.64.6:3386,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:41:16 +8:00 GMT,190.17.64.6:4114,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:41:36 +8:00 GMT,220.238.184.92:2551,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:41:50 +8:00 GMT,124.82.84.52:1739,10.0.0.9:135,TCP (flags:S)
FWIN,2007/08/05,10:42:12 +8:00 GMT,190.17.64.6:2453,10.0.0.9:7962,TCP (flags:S)
hkpoh
post Aug 6 2007, 01:38 AM

Casual
***
Junior Member
311 posts

Joined: Jul 2005
From: Negeri Sembilan


By looking at the log file, most of the external IPs are trying to connect through ports 22715 and 7962. Do you have any application running like Net-SynchroEdit-Service?
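As an added example (not code from anyone in the thread), here is a small Python script that does what hkpoh did by eye with the FWIN log posted above: group inbound packets by destination port and count distinct source IPs, so background 135/445 scanning can be told apart from a high port that many different peers already know about (which is what you would expect if a torrent client is listening, as The_Lestat suspected). The sample lines are a constructed subset in the same format; the port labels and the "two or more sources" threshold are my own heuristics, not a verdict.

```python
import re
from collections import Counter, defaultdict
# Constructed sample in the FWIN/FWROUTE format posted above (a subset, not the full log).
SAMPLE_LOG = """\
FWROUTE,2007/08/05,09:55:00 +8:00 GMT,10.0.0.9:1053,10.0.0.2:53,UDP
FWIN,2007/08/05,09:55:16 +8:00 GMT,124.82.90.64:4693,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,09:56:08 +8:00 GMT,124.18.90.188:4352,10.0.0.9:135,TCP (flags:S
FWIN,2007/08/05,09:57:58 +8:00 GMT,190.17.64.6:1256,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:00:42 +8:00 GMT,67.85.90.63:62523,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:00:44 +8:00 GMT,67.85.90.63:62637,10.0.0.9:22715,TCP (flags:S)
FWIN,2007/08/05,10:00:58 +8:00 GMT,124.82.8.27:4517,10.0.0.9:445,TCP (flags:S)
FWIN,2007/08/05,10:02:34 +8:00 GMT,190.17.64.6:2675,10.0.0.9:7962,TCP (flags:S)
FWIN,2007/08/05,10:24:58 +8:00 GMT,218.111.161.46:2523,10.0.0.9:7962,TCP (flags:S)
"""
# Only the fields up to the protocol are required, so the truncated "(flags:S" line still parses.
LINE_RE = re.compile(r"^(?P<kind>FW\w+),[^,]+,[^,]+,(?P<src>[\d.]+):\d+,"
                     r"(?P<dst>[\d.]+):(?P<dport>\d+),(?P<proto>\w+)")

def parse_fwin(text):
    """One (src, dport, proto) tuple per inbound FWIN record; FWROUTE (LAN) lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("kind") == "FWIN":
            out.append((m.group("src"), int(m.group("dport")), m.group("proto")))
    return out

def summarise(records):
    """Map destination port -> (packet count, number of distinct source IPs)."""
    hits, sources = Counter(), defaultdict(set)
    for src, dport, _proto in records:
        hits[dport] += 1
        sources[dport].add(src)
    return {p: (hits[p], len(sources[p])) for p in hits}

WINDOWS_RPC_SMB = {135, 139, 445}  # ports that every exposed Windows box gets probed on

def classify(summary):
    """Heuristic label per probed port (my own thresholds, not a rule from the thread)."""
    labels = {}
    for port, (_count, distinct) in summary.items():
        if port in WINDOWS_RPC_SMB:
            labels[port] = "background RPC/SMB scanning; keep it blocked"
        elif port > 1024 and distinct >= 2:
            labels[port] = "several peers know this port; a local app is probably listening (check netstat)"
        elif port > 1024:
            labels[port] = "one remote host retrying; likely a stale peer or a single scanner"
        else:
            labels[port] = "other well-known port; check whether anything should be listening"
    return labels
```

Run it over the full log and the 7962/22715 lines stand out exactly as hkpoh noted, while the 445/135 hits come from many unrelated hosts in the same ISP range.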
