[Dshield] Proof of hacker. What do I do?

dominiquefiori dominiquefiori at numericable.fr
Tue Aug 27 09:36:04 GMT 2002


No, I just use Sygate Firewall pro, zone alarm pro and symantec nut only on
a third PC as my antivirus is not for servers.

May I ask you a question on your product ? I am now using visuak Zone and
zone Log analyser, I would like to pay the $ 10 required. do i get a CD
shipped or is it download ? If it is only downloadcan I be sure that the guy
who hacked me would not interfere in the soft ? do you have any checksum ?


Kind regards



Dominique



-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org]On Behalf Of
Henriksen, Ron
Sent: lundi 26 août 2002 18:53
To: 'list at dshield.org'
Subject: RE: [Dshield] Proof of hacker. What do I do?


Do you use Symantec Antivirus Corp Edition ?

-----Original Message-----
From: Linda [mailto:godawgs47 at ellijay.com]
Sent: Monday, August 26, 2002 10:00 AM
To: list at dshield.org
Subject: [Dshield] Proof of hacker. What do I do?


TCP d2f2t6:nbsession d2f2t6:0 LISTENING
 TCP d2f2t6:2068 d2f2t6:0 LISTENING
TCP d2f2t6:2070 d2f2t6:0 LISTENING
TCP d2f2t6:2073 d2f2t6:0 LISTENING
TCP d2f2t6:2074 d2f2t6:0 LISTENING
TCP d2f2t6:2068 unknown.level3.net:80 ESTABLISHED
TCP d2f2t6:2070 unknown.level3.net:80 ESTABLISHED
TCP d2f2t6:2073 unknown.level3.net:80 ESTABLISHED
TCP d2f2t6:2074 unknown.level3.net:80 ESTABLISHED
UDP d2f2t6:nbname *:*
UDP d2f2t6:nbdatagram *:*
UDP d2f2t6:1978 *:*
What I did was install TCPVIEW. THen I went into netstat. What I think is
being stopped at my firewall is not being stopped. They are into dos.
Here is my event log that corresponds with this.
2002/08/24 20:50:05 63.210.68.215:80 (unknown.Level3.net) 66.44.192.178:1074
Port 1074 (TCP)
2002/08/24 20:35:48 63.210.68.215:80 (unknown.Level3.net) 66.44.192.178:1075
Port 1075 (TCP)

I didn't get it all copies over because there are 8 entries on the firewall
in a row.

There are also large files showing up that I don't know what they are.

Help!

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

**********************************************************************

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list






More information about the list mailing list