[Dshield] Proof of hacker. What do I do?
godawgs47 at ellijay.com
Mon Aug 26 14:59:47 GMT 2002
TCP d2f2t6:nbsession d2f2t6:0 LISTENING
TCP d2f2t6:2068 d2f2t6:0 LISTENING
TCP d2f2t6:2070 d2f2t6:0 LISTENING
TCP d2f2t6:2073 d2f2t6:0 LISTENING
TCP d2f2t6:2074 d2f2t6:0 LISTENING
TCP d2f2t6:2068 unknown.level3.net:80 ESTABLISHED
TCP d2f2t6:2070 unknown.level3.net:80 ESTABLISHED
TCP d2f2t6:2073 unknown.level3.net:80 ESTABLISHED
TCP d2f2t6:2074 unknown.level3.net:80 ESTABLISHED
UDP d2f2t6:nbname *:*
UDP d2f2t6:nbdatagram *:*
UDP d2f2t6:1978 *:*
What I did was install TCPVIEW. Then I went into netstat. What I think is
being stopped at my firewall is not being stopped. They are into dos.
Here is my event log that corresponds with this.
2002/08/24 20:50:05 18.104.22.168:80 (unknown.Level3.net) 22.214.171.124:1074
Port 1074 (TCP)
2002/08/24 20:35:48 126.96.36.199:80 (unknown.Level3.net) 188.8.131.52:1075
Port 1075 (TCP)
I didn't get it all copied over because there are 8 entries on the firewall
in a row.
There are also large files showing up that I don't know what they are.