TomMoorehouse
Guest
I was asked recently, do people actually try to hack into the intlwaters.com server? You bet they do! You should see some of our log files. Almost every day someone tries to access/hack our FTP server. ZoneAlarm does a great job of displaying hack attempts. I have recently started using a program called VisualZone. It is a free ZoneAlarm log file analyser. It is a very nice program. If you run ZoneAlarm you might want to check it out: http://www.visualizesoftware.com
I don't know how, but a hacker today was able to make the server hang because of an access attempt to the MySQL daemon that was stopped by ZoneAlarm. Nothing bad came of it as ZoneAlarm stopped it. However, it did kill the main page and forum until I was able to clear and deny the access attempt with the ZoneAlarm alert dialog.
Here is a little bit from today's logfile with this attacker's IP:
I did send an abuse report email to the domain's technical contact.
Code:
IP address: 206.77.144.56
Unauthorized access attempts:
NETBIOS Name Service
Date & Time: 2002/10/31 22:10:00 (-8:00 GMT)
Time Zone: Pacific Standard Time
UDP from port 1783 to port 137
Victim IP: 216.227.12.237
NETBIOS Session Service
Date & Time: 2002/10/31 22:10:02 (-8:00 GMT)
Time Zone: Pacific Standard Time
TCP (flags:S) from port 1806 to port 139
Victim IP: 216.227.12.237
MSFT DS, SMB Server Message Block
Date & Time: 2002/10/31 22:10:02 (-8:00 GMT)
Time Zone: Pacific Standard Time
TCP (flags:S) from port 1816 to port 445
Victim IP: 216.227.12.237
RPC Remote Procedure Call
Date & Time: 2002/10/31 22:10:02 (-8:00 GMT)
Time Zone: Pacific Standard Time
UDP from port 1801 to port 135
Victim IP: 216.227.12.237
NETBIOS Name Service
Date & Time: 2002/10/31 22:10:04 (-8:00 GMT)
Time Zone: Pacific Standard Time
UDP from port 1801 to port 137
Victim IP: 216.227.12.237
NETBIOS Datagram Service
Date & Time: 2002/10/31 22:10:04 (-8:00 GMT)
Time Zone: Pacific Standard Time
UDP from port 1801 to port 138
Victim IP: 216.227.12.237
MSFT DS, SMB Server Message Block
Date & Time: 2002/10/31 22:10:04 (-8:00 GMT)
Time Zone: Pacific Standard Time
UDP from port 1801 to port 445
Victim IP: 216.227.12.237
This individual attempted to access my computer 7 times.
ZoneAlarm personal firewall log entries:
type,date,time,source,destination,transport,count
FWIN,2002/10/31,22:10:00,-8:00,206.77.144.56,1783,216.227.12.237,137,UDP,1
FWIN,2002/10/31,22:10:02,-8:00,206.77.144.56,1806,216.227.12.237,139,TCP (flags:S),1
FWIN,2002/10/31,22:10:02,-8:00,206.77.144.56,1816,216.227.12.237,445,TCP (flags:S),1
FWIN,2002/10/31,22:10:02,-8:00,206.77.144.56,1801,216.227.12.237,135,UDP,1
FWIN,2002/10/31,22:10:04,-8:00,206.77.144.56,1801,216.227.12.237,137,UDP,1
FWIN,2002/10/31,22:10:04,-8:00,206.77.144.56,1801,216.227.12.237,138,UDP,1
FWIN,2002/10/31,22:10:04,-8:00,206.77.144.56,1801,216.227.12.237,445,UDP,1
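Added example (not part of the original post, and not VisualZone's or ZoneAlarm's own code): a short Python script that does the same kind of per-source tally as the report above, working directly from the FWIN log lines. The field positions are an assumption inferred from the entries shown in the post, and the function names and the min_ports threshold are made up for this illustration.

```python
import csv
from collections import defaultdict

# Log entries copied from the post above.
SAMPLE_LOG = """\
type,date,time,source,destination,transport,count
FWIN,2002/10/31,22:10:00,-8:00,206.77.144.56,1783,216.227.12.237,137,UDP,1
FWIN,2002/10/31,22:10:02,-8:00,206.77.144.56,1806,216.227.12.237,139,TCP (flags:S),1
FWIN,2002/10/31,22:10:02,-8:00,206.77.144.56,1816,216.227.12.237,445,TCP (flags:S),1
FWIN,2002/10/31,22:10:02,-8:00,206.77.144.56,1801,216.227.12.237,135,UDP,1
FWIN,2002/10/31,22:10:04,-8:00,206.77.144.56,1801,216.227.12.237,137,UDP,1
FWIN,2002/10/31,22:10:04,-8:00,206.77.144.56,1801,216.227.12.237,138,UDP,1
FWIN,2002/10/31,22:10:04,-8:00,206.77.144.56,1801,216.227.12.237,445,UDP,1
"""

def parse_fwin(text):
    """Yield blocked-inbound (FWIN) entries; skip headers and malformed lines.

    Assumed layout (inferred from the post's entries, not from vendor docs):
    type,date,time,tz,src_ip,src_port,dst_ip,dst_port,transport,count
    """
    for row in csv.reader(text.splitlines()):
        if len(row) != 10 or row[0] != "FWIN":
            continue
        try:
            yield {"src": row[4], "dst": row[6], "dst_port": int(row[7]),
                   "proto": row[8].split()[0],  # "TCP (flags:S)" -> "TCP"
                   "count": int(row[9])}
        except (ValueError, IndexError):
            continue  # non-numeric port/count or empty transport field

def summarize(text, min_ports=3):
    """Tally blocked attempts per source IP and flag multi-port sweeps."""
    by_src = defaultdict(lambda: {"attempts": 0, "ports": set()})
    for entry in parse_fwin(text):
        stats = by_src[entry["src"]]
        stats["attempts"] += entry["count"]
        stats["ports"].add((entry["proto"], entry["dst_port"]))
    return {
        src: {"attempts": s["attempts"],
              "ports": sorted(s["ports"]),
              # One source touching several distinct ports is a sweep,
              # not a stray packet.
              "sweep": len({port for _, port in s["ports"]}) >= min_ports}
        for src, s in by_src.items()
    }

if __name__ == "__main__":
    for src, s in summarize(SAMPLE_LOG).items():
        ports = ", ".join(f"{proto}/{port}" for proto, port in s["ports"])
        print(f"{src}: {s['attempts']} blocked, sweep={s['sweep']}, ports: {ports}")
```
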