disorder
Useful Idiot
Premium
join:2003-04-16
Alexandria, VA
clubs:
|  Someone At Earthlink Trying To Hack Into My PC?
Moments ago I was surfing around the web and all of a sudden I get an alert that someone was trying to access my pc in other words trying to hack into it. Anyways I look through the logs and I found out that it was coming from Earthlink... could it be someone that was actually connected to the service or the actual building that someone was working in.
Anyways here is the log I saved...
I'm becoming very suspicious becuase I never got this ever, especially from a ISP.
OrgID: ERDS
CustName: EarthLink Network, Inc.
Street: 1375 PEACHTREE ST, LEVEL A
City: ATLANTA
StateProv: GA
Country: US
PostalCode: 30309
RegDate: 1999-11-17
Updated: 2002-10-10
OrgAbuseHandle: ABUSE60-ARIN
OrgAdminHandle: DAE4-ARIN
OrgTechHandle: ELNK-ORG-ARIN
NetHandle: NET-216-249-64-0-1
OrgID: ERDS
Parent: NET-216-0-0-0-0
NetName: EARTHLINK-NET3
NetRange: 216.249.64.0 - 216.249.111.255
NetType: allocation
RegDate: 1999-11-17
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Updated: 2003-03-26
NameServer: DNS1.EARTHLINK.NET
NameServer: DNS2.EARTHLINK.NET
TechHandle: DAE4-ARIN
TechHandle: DAE4-ARIN
TechName: Domain Administrator, Administrator
TechPhone: +1-404-815-0770
TechEmail: arinpoc@corp.earthlink.net
OrgAbuseHandle: ABUSE60-ARIN
OrgAbuseName: ABUSE TEAM
OrgAbusePhone: +1-404-815-0770
OrgAbuseEmail: abuse@abuse.earthlink.net
OrgTechHandle: ELNK-ORG-ARIN
OrgTechName: EarthLink, Inc.
OrgTechPhone: +1-404-815-0770
OrgTechEmail: arin_tech@lists.corp.earthlink.net
OrgAdminHandle: DAE4-ARIN
OrgAdminName: Domain Administrator, Administrator
OrgAdminPhone: +1-404-815-0770
OrgAdminEmail: arinpoc@corp.earthlink.net
--
“I will find the center in you, I will chew it up and leave. I will elevate you, just enough to bring you down.” —Maynard James Keenan |
|
nevertheless
Premium,VIP
join:2002-03-08
Burlington, ON | Re: Someone At Earthlink Trying To Hack Into My PC
What log? |
|
disorder
Useful Idiot
Premium
join:2003-04-16
Alexandria, VA
clubs:
2 edits | reply to disorder
oops, I posted the wrong one, anyways that info should be enough right? |
|
nevertheless
Premium,VIP
join:2002-03-08
Burlington, ON
 ·Cogeco Cable
| said by disorder  :
oops, I posted the wrong one, anyways that info should be enough right?
No. That's just the ARIN information for Earthlink, ie: how to contact that ISP on an administrative level.
--
Some people think I'm an idiot. I disagree, but idiocy is subjective--so they may well be right. With this in mind, take everything I post with a grain of salt, eh? |
|
disorder
Useful Idiot
Premium
join:2003-04-16
Alexandria, VA
clubs:
1 edit | Ah... I see soo it should be someone using the actual service then. Where could I get the full log on my pc?
I want to know the f*ck that was trying to do this... |
|
nevertheless
Premium,VIP
join:2002-03-08
Burlington, ON
·Cogeco Cable
| said by disorder :
Ah... I see soo it should be someone using the actual service then. Where could I get the full log on my pc?
Most likely it's simply a user of theirs that's been scanning you, and your firewall has kindly looked up the administrative contact info for you. said by disorder :
I want to know the f*ck that was trying to do this...
Earthlink won't tell you, that would violate their subscriber confidentiality agreement.
It doesn't really matter, odds are it's simply another worm, virus, or trojan doing it's automated scanning.
Go into your firewall again, find the log(s) that gets you timestamp, port information (both source and destination) and email that to their abuse contact listed in their ARIN information.
--
Some people think I'm an idiot. I disagree, but idiocy is subjective--so they may well be right. With this in mind, take everything I post with a grain of salt, eh? |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| said by nevertheless :
Go into your firewall again, find the log(s) that gets you timestamp, port information (both source and destination) and email that to their abuse contact listed in their ARIN information.
No, please don't: users who don't know how to read firewall logs put an awful burden on abuse departments.
Much better is to use the myNetWatchman service, where your firewall logs are submitted to a central server, and summarized logs are sent to the ISPs. This makes it much easier on the ISP because they get everything in one deliverable.
It's free and easy.
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
disorder
Useful Idiot
Premium
join:2003-04-16
Alexandria, VA
clubs:
1 edit | Thanks steve I will surely check it out. |
|
nevertheless
Premium,VIP
join:2002-03-08
Burlington, ON
·Cogeco Cable
| reply to Steve
said by Steve :
Much better is to use the myNetWatchman service, where your firewall logs are submitted to a central server, and summarized logs are sent to the ISPs. This makes it much easier on the ISP because they get everything in one deliverable.
I wsa going to get to that, but I find it's easier to make them see how annoying and how much of a hassle it is to do this whole thing the first time. 
--
Some people think I'm an idiot. I disagree, but idiocy is subjective--so they may well be right. With this in mind, take everything I post with a grain of salt, eh? |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| said by nevertheless :
I was going to get to that, but I find it's easier to make them see how annoying and how much of a hassle it is to do this whole thing the first time.
So to make your point you sic him on a poor, defenseless abuse desk?
Maybe we should start sending stuff to you at abuse@cogeco.ca? 
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
nevertheless
Premium,VIP
join:2002-03-08
Burlington, ON
·Cogeco Cable
| said by Steve :
Maybe we should start sending stuff to you at abuse@cogeco.ca?
Many of the people in this forum already do--via Mynetwatchman!
--
Some people think I'm an idiot. I disagree, but idiocy is subjective--so they may well be right. With this in mind, take everything I post with a grain of salt, eh? |
|
AzN_dude
@net.au | reply to disorder
Re: Someone At Earthlink Trying To Hack Into My PC?
burn his ass |
|
