[Dshield] Proof of hacker. What do I do?

Henriksen, Ron RHENRIKSEN at wintrust.com
Mon Aug 26 16:53:17 GMT 2002


Do you use Symantec Antivirus Corp Edition?

-----Original Message-----
From: Linda [mailto:godawgs47 at ellijay.com]
Sent: Monday, August 26, 2002 10:00 AM
To: list at dshield.org
Subject: [Dshield] Proof of hacker. What do I do?


TCP d2f2t6:nbsession d2f2t6:0 LISTENING
TCP d2f2t6:2068 d2f2t6:0 LISTENING
TCP d2f2t6:2070 d2f2t6:0 LISTENING
TCP d2f2t6:2073 d2f2t6:0 LISTENING
TCP d2f2t6:2074 d2f2t6:0 LISTENING
TCP d2f2t6:2068 unknown.level3.net:80 ESTABLISHED
TCP d2f2t6:2070 unknown.level3.net:80 ESTABLISHED
TCP d2f2t6:2073 unknown.level3.net:80 ESTABLISHED
TCP d2f2t6:2074 unknown.level3.net:80 ESTABLISHED
UDP d2f2t6:nbname *:*
UDP d2f2t6:nbdatagram *:*
UDP d2f2t6:1978 *:*

What I did was install TCPVIEW. Then I went into netstat. What I think is
being stopped at my firewall is not being stopped. They are into dos.
Here is my event log that corresponds with this.
2002/08/24 20:50:05 63.210.68.215:80 (unknown.Level3.net) 66.44.192.178:1074
Port 1074 (TCP)
2002/08/24 20:35:48 63.210.68.215:80 (unknown.Level3.net) 66.44.192.178:1075
Port 1075 (TCP)

I didn't get it all copied over because there are 8 entries on the firewall
in a row.

There are also large files showing up that I don't know what they are.

Help!
