[Dshield] Proof of hacker. What do I do?

Linda godawgs47 at ellijay.com
Mon Aug 26 14:59:47 GMT 2002


TCP d2f2t6:nbsession d2f2t6:0 LISTENING
 TCP d2f2t6:2068 d2f2t6:0 LISTENING
TCP d2f2t6:2070 d2f2t6:0 LISTENING
TCP d2f2t6:2073 d2f2t6:0 LISTENING
TCP d2f2t6:2074 d2f2t6:0 LISTENING
TCP d2f2t6:2068 unknown.level3.net:80 ESTABLISHED
TCP d2f2t6:2070 unknown.level3.net:80 ESTABLISHED
TCP d2f2t6:2073 unknown.level3.net:80 ESTABLISHED
TCP d2f2t6:2074 unknown.level3.net:80 ESTABLISHED
UDP d2f2t6:nbname *:*
UDP d2f2t6:nbdatagram *:*
UDP d2f2t6:1978 *:*
What I did was install TCPVIEW. THen I went into netstat. What I think is
being stopped at my firewall is not being stopped. They are into dos.
Here is my event log that corresponds with this.
2002/08/24 20:50:05 63.210.68.215:80 (unknown.Level3.net) 66.44.192.178:1074
Port 1074 (TCP)
2002/08/24 20:35:48 63.210.68.215:80 (unknown.Level3.net) 66.44.192.178:1075
Port 1075 (TCP)

I didn't get it all copies over because there are 8 entries on the firewall
in a row.

There are also large files showing up that I don't know what they are.

Help!




More information about the list mailing list