LUGOD: Linux Users' Group of Davis
 
Page last updated:
2004 Jan 29 17:35

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] [OT] Report Hackers?


On Wed, 28 Jan 2004, Robert G. Scofield wrote:

> This evening my son was on the family computer (Win98) and in an hour and a 
> half got two messages from Norton Firewall stating that someone at 
> 130.161.43.249 was trying to connect to a port commonly used by a Trojan 
> horse.  The second time the IP address was 130.161.43.249: 3392.

In both cases, the IP address portion is the same.  In the second
instance, it shows the port number (most likely of the source).  Source
port numbers are almost always assigned "randomly", so they don't mean
much.  The destination port is typically the most interesting, since it
typically gets used by a particular application (though sometimes different
applications will claim the same port, which the sysadmin has to reconcile
if he wants to run both).

> I assume that this is a dynamically assigned address and that it's not 
> possible to figure out who the hacker is.  But is one supposed to report 
> these IP addresses somewhere?  Or does one just forget about it?

Actually "dig -x 130.161.43.249" reports that it is coming from
p2p-measure.ubicom.tudelft.nl, which suggests that your son may have been
using a peer-to-peer application to communicate with a server that was
confirming that he was NOT infected with that trojan.  From the name, it
may have something to do with an online game by Ubisoft. Anyway, check the
terms of service for the p2p application he was using... it should say
something about scanning you as a requirement for using the service.

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------

_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox
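
The lookup described in the reply above, as an added example that is not part of the original post: it splits the firewall's `ip: port` endpoint, builds the name that `dig -x` queries, and forward-confirms the PTR answer, since a PTR record is published by whoever controls the address block. The function names, the sample forward records and the 192.0.2.10 entry are constructed for illustration.

```python
import ipaddress
import socket

def parse_endpoint(text):
    """Split an IPv4 alert endpoint like '130.161.43.249: 3392' into (ip, port or None)."""
    host, _, port = text.partition(":")
    port = port.strip()
    return ipaddress.IPv4Address(host.strip()), (int(port) if port else None)

def live_ptr(ip):
    """PTR lookup through the system resolver (the query `dig -x` sends)."""
    return socket.gethostbyaddr(str(ip))[0]

def live_addrs(name):
    """Forward lookup of a hostname through the system resolver."""
    return socket.gethostbyname_ex(name)[2]

def identify(endpoint, ptr=live_ptr, addrs=live_addrs):
    """Describe the remote end of an alert; resolvers are injectable for offline use."""
    ip, port = parse_endpoint(endpoint)
    result = {"ip": str(ip), "source_port": port,
              "ptr_query": ip.reverse_pointer, "name": None, "confirmed": False}
    try:
        result["name"] = ptr(ip).rstrip(".")
        # Trust the name only if it resolves forward to the same address.
        result["confirmed"] = str(ip) in addrs(result["name"])
    except OSError:
        pass  # no PTR or no forward record: leave the name unconfirmed
    return result

# Constructed resolver data so the example runs offline. The first PTR answer is
# the one quoted in the post; the forward record is an assumption. 192.0.2.10 is
# a documentation address whose PTR claims the same name without a matching A record.
SAMPLE_PTR = {"130.161.43.249": "p2p-measure.ubicom.tudelft.nl.",
              "192.0.2.10": "p2p-measure.ubicom.tudelft.nl."}
SAMPLE_A = {"p2p-measure.ubicom.tudelft.nl": ["130.161.43.249"]}

def sample_ptr(ip):
    if str(ip) not in SAMPLE_PTR:
        raise socket.herror(1, "no PTR record")
    return SAMPLE_PTR[str(ip)]

def sample_addrs(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for alert in ("130.161.43.249", "130.161.43.249: 3392", "192.0.2.10: 4000"):
        print(identify(alert, sample_ptr, sample_addrs))
```

Calling `identify(endpoint)` with no resolver arguments uses the system resolver instead of the sample data.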


