Subject: Fwd: [Fw: Ive been broken into ]
From: JEFF WATSON (jeff_watson USA.NET)
Date: Wed Jul 05 2000 - 15:35:58 CDT
Guys,
When looking at the time stamps of all the log entries, does appear of verify
that I have been used or owned ??
Thanks in Advance,
Jeff
attached mail follows:
----- Original Message -----
From: "Technical Support" <gb-support gta.com>
To: "vista33" <vista33 email.msn.com>
Sent: Saturday, July 01, 2000 5:14 PM
Subject: Re: Ive been broken into
> Hello Mr. Watson,
>
> You will need to supply your GNAT Box serial number and version, along with
> your software configuration in order for us to be able to assist you.
>
> However, this looks like one of your internal hosts is trying to connect
> outbound to three different computers on port 137. Which is used for
> Netbios. You may wish to check why the computer is trying to make these
> outbound connections.
>
> Technical Support
>
> At 01:25 PM 7/1/00 -0500, you wrote:
> >Please give Hello I think that I have been broken into and USED and ABUSED
> >
> >Please look at these log snippets. I humbly ask for your opinions..and what I
> >should do about ---- Small Office Network
> >
> >
> >Please give me your feedback and suggestions.
> >
> >Suggestions,
> >Jeff Watson
> >
> >" I configed the FW as per icsa.net's lab procedures.
> >-----------look at the precise log times---
> >-----------strange 61900------------------firewall log-snips-----
> >
> >16 5 Jun 19 18:27:26 NAT: Open UDP [192.168.1.10/137]->[208.236.23.69/808]->[205.160.199.2/137].
> >16 5 Jun 19 18:27:27 NAT: Close UDP [192.168.1.10/137]->[208.236.23.69/808]->[205.160.199.2/137] Pkts 1 0, Bytes 78 0.
> >16 5 Jun 19 18:27:28 NAT: Open UDP [192.168.1.10/137]->[208.236.23.69/807]->[205.160.199.2/137].
> >-------------------------------------------
> > 5 Jun 19 18:11:24 NAT: Open UDP [192.168.1.10/137]->[208.236.23.69/1023]->[206.69.91.116/137].
> >16 5 Jun 19 18:11:25 NAT: Close UDP [192.168.1.10/137]->[208.236.23.69/1023]->[206.69.91.116/137] Pkts 1 0, Bytes 78 0.
> >16 5 Jun 19 18:11:26 NAT: Open UDP [192.168.1.10/137]->[208.236.23.69/1022]->[206.69.91.116/137].
> >16 5 Jun 19 18:11:27 NAT: Close UDP [192.168.1.10/137]->[208.236.23.69/1022]->[206.69.91.116/137] Pkts 1 0, Bytes 78 0.
> >
> >----------------------------------Zone alarm log snips
> >
> >PE,2000/06/19,17:17:12 -6:00 GMT,Microsoft Synchronization Manager,127.0.0.1:1848,N/A
> >FWIN,2000/06/19,18:10:12 -6:00 GMT,206.69.91.116:0,192.168.1.10:0,ICMP
> >FWIN,2000/06/19,18:10:32 -6:00 GMT,206.69.91.100:137,192.168.1.10:137,UDP
> >
> >--------------------------
> >
> >
> >Humbly,
> >JW
> >
> >
>
> Technical Support Email: gb-support gta.com
> Global Technology Associates, Inc. Telephone: Tel: +1.407.380.0220
> 3505 Lake Lynda Drive Web: http://www.gta.com
> Suite 109 http://www.gnatbox.com
> Orlando, Florida 32817
> USA
>
>
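
The pattern the support reply points to, an internal host opening outbound UDP sessions to port 137 (NetBIOS name service), can be pulled out of a log like this mechanically. The following is an added example, not part of the original thread or of GTA's tooling: it parses constructed lines in the layout of the firewall snippets above and groups them per internal host and remote host. Reading the two `Bytes` counters as outbound then inbound is an assumption, as is the function name `summarize_netbios`.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the firewall log quoted above (wrapped
# entries joined). Addresses are documentation ranges, not the poster's.
SAMPLE_LOG = """\
16 5 Jun 19 18:11:24 NAT: Open UDP [192.168.1.10/137]->[203.0.113.5/1023]->[198.51.100.7/137].
16 5 Jun 19 18:11:25 NAT: Close UDP [192.168.1.10/137]->[203.0.113.5/1023]->[198.51.100.7/137] Pkts 1 0, Bytes 78 0.
16 5 Jun 19 18:11:26 NAT: Open UDP [192.168.1.10/137]->[203.0.113.5/1022]->[198.51.100.7/137].
16 5 Jun 19 18:11:27 NAT: Close UDP [192.168.1.10/137]->[203.0.113.5/1022]->[198.51.100.7/137] Pkts 1 0, Bytes 78 0.
16 5 Jun 19 18:27:26 NAT: Open UDP [192.168.1.10/137]->[203.0.113.5/808]->[198.51.100.9/137].
16 5 Jun 19 18:27:27 NAT: Close UDP [192.168.1.10/137]->[203.0.113.5/808]->[198.51.100.9/137] Pkts 1 0, Bytes 78 0.
16 5 Jun 19 18:30:02 NAT: Open TCP [192.168.1.11/1045]->[203.0.113.5/2001]->[198.51.100.20/80].
"""

# [internal/port]->[translated/port]->[remote/port], optional counters on Close.
NAT_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+NAT:\s+(?P<event>Open|Close)\s+(?P<proto>\w+)\s+"
    r"\[(?P<src>[\d.]+)/\d+\]->\[[\d.]+/\d+\]->\[(?P<dst>[\d.]+)/(?P<dport>\d+)\]"
    r"(?:\s+Pkts\s+\d+\s+\d+,\s+Bytes\s+(?P<bout>\d+)\s+(?P<bin>\d+))?"
)

def summarize_netbios(log_text):
    """Group outbound UDP/137 NAT sessions by (internal host, remote host)."""
    flows = defaultdict(lambda: {"opens": 0, "closes": 0, "bytes_out": 0,
                                 "bytes_in": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = NAT_RE.search(line)
        if not m or m["proto"] != "UDP" or m["dport"] != "137":
            continue  # not a NAT entry, or not NetBIOS name service
        f = flows[(m["src"], m["dst"])]
        f["first"] = f["first"] or m["ts"]
        f["last"] = m["ts"]
        if m["event"] == "Open":
            f["opens"] += 1
        else:
            f["closes"] += 1
            # Assumption: first counter is outbound, second is inbound.
            f["bytes_out"] += int(m["bout"] or 0)
            f["bytes_in"] += int(m["bin"] or 0)
    return dict(flows)

if __name__ == "__main__":
    for (src, dst), f in summarize_netbios(SAMPLE_LOG).items():
        answered = "answered" if f["bytes_in"] else "no reply seen"
        print(f"{src} -> {dst}:137  sessions={f['opens']}  out={f['bytes_out']}B "
              f"in={f['bytes_in']}B  {f['first']} .. {f['last']}  ({answered})")
```

Grouping by internal source address shows which workstation to inspect, and the first and last timestamps per remote host give the window to compare against other logs such as the ZoneAlarm entries.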