
Thread: Repeated attempts to gain access to my comp

  1. #1
    smaier69
    Guest

    Question Repeated attempts to gain access to my comp

    i run a small LAN that has public ip's on the different computers. i have set up the security precautions to log all attempts to gain access to my computer by an outside internet based source.
    the issue (not really a problem at this juncture) is that there is one source in particular that has been repeatedly making access attempts. ARIN has given me the name and source of the various ip's making these attempts. just for argument's sake, the source is


    Information Sciences Institute
    University of Southern California
    4676 Admiralty Way, Suite 330
    Marina del Rey, CA 90292-6695

    i have made calls to this organization as to the nature of their attempts, and have had to leave voicemails for a guy named "Bill". as of yet there have been no responses from him.

    is there a way to make this sort of thing stop (one or two attempts are normal, i'm sure due to the existence of "web crawlers" and such, but i think over the past week alone i have logged about 50 different instances for the above mentioned source. that makes me a little nervous. they are making attempts using a variety of ip addresses, protocols and ports). i have asked "Bill" in my voicemails to cease, but i would like to also know what their intent is as well.

    any input from anyone?

    [This message has been edited by smaier69 (edited 08-10-2000).]


  2. #2
    smaier69
    Guest


    okay, i have an update to my above post.

    Bill called me back (a nice guy, by the way), and he said they work with ARIN on some level dealing with internet number allocations. he was very honest and forthcoming, and i feel kind of guilty about assuming he/his company was up to no good.

    at any rate, we both came to the tentative conclusion that it is probably a hacker who is spoofing his ip address (bill told me they don't have or use the ip's that i have logged). i guess the next step is to contact my isp, since they are doing the routing. i will post any updates/information i get.

    any other suggestions/insight is also appreciated

  3. #3
    TonyT
    Guest


    Well, I would bet that the probes are coming from them somehow. They sure have the capability to do whatever they want with computers! "Bill", the guy you talked to just doesn't know about it!

    ISI

  4. #4
    Junior Member
    Join Date
    Sep 2006
    Posts
    1
    I have that same problem too smaier69. They are doing it right now to get into my computer.


    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 10.0.0.0 - 10.255.255.255
    CIDR: 10.0.0.0/8
    NetName: RESERVED-10
    NetHandle: NET-10-0-0-0-1
    Parent:
    NetType: IANA Special Use
    NameServer: BLACKHOLE-1.IANA.ORG
    NameServer: BLACKHOLE-2.IANA.ORG
    Comment: This block is reserved for spec

    Their phone number is 310-823-9358. Can someone call in the US, as I am in Sydney? My McAfee tracer says the areas of location are New York, Mexico Ciudad De, Santa Fe De Bogota, Lima, Sao Paulo, Moskva, Istanbul, Bombay, Seoul, Manila and Jakarta.

    Rosanna

  5. #5
    Dr Tweak mnosteele52's Avatar
    Join Date
    Jul 2001
    Location
    Chesapeake, VA
    Posts
    11,912
    rosana do you realize that this thread is 6 years old?


  6. #6
    Ohh Hell yeah.. Sava700's Avatar
    Join Date
    Feb 2002
    Location
    Somewhere
    Posts
    24,052
    Quote Originally Posted by mnosteele52
    rosana do you realize that this thread is 6 years old?

    LMAO!!

  7. #7
    Junior Member
    Join Date
    Aug 2007
    Posts
    1

    Exclamation This threat is old but is active...

    it could be many years old but I'm still getting attacks from that source.... i don't know what the hell they're trying to do but it's continuous..... here's the info below......


    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 192.168.0.0 - 192.168.255.255
    CIDR: 192.168.0.0/16
    NetName: IANA-CBLK1
    NetHandle: NET-192-168-0-0-1
    Parent: NET-192-0-0-0-0
    NetType: IANA Special Use
    NameServer: BLACKHOLE-1.IANA.ORG
    NameServer: BLACKHOLE-2.IANA.ORG
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 1918 for additional information.
    Comment:
    RegDate: 1994-03-15
    Updated: 2002-09-16

    OrgAbuseHandle: IANA-IP-ARIN
    OrgAbuseName: Internet Corporation for Assigned Names and Number
    OrgAbusePhone: +1-310-301-5820
    OrgAbuseEmail: abuse@iana.org

    OrgTechHandle: IANA-IP-ARIN
    OrgTechName: Internet Corporation for Assigned Names and Number
    OrgTechPhone: +1-310-301-5820
    OrgTechEmail: abuse@iana.org

  8. #8
    Regular Member Pettos's Avatar
    Join Date
    Oct 2006
    Location
    Sydney
    Posts
    251
    Quote Originally Posted by mnosteele52 View Post
    rosana do you realize that this thread is 6 years old?

    Don't you clean up your forums? rofl.

    Also, do what the rest of us do... Deny the access, and run a virus scan - other than your firewall software.

    For all you know that business name is a fake.

  9. #9
    Junior Member
    Join Date
    Nov 2007
    Posts
    3
    Old thread, I know, but I too am getting this, but it is being detected as "Zune Bus Enumerator". I just installed my new Zune software so I figured it was an update for the software or something, but I'm getting a message literally every 2-5 minutes saying it has been blocked. Which is pretty scary if you ask me.

    Here is the backtrace from my firewall:

    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 192.168.0.0 - 192.168.255.255
    CIDR: 192.168.0.0/16
    NetName: IANA-CBLK1
    NetHandle: NET-192-168-0-0-1
    Parent: NET-192-0-0-0-0
    NetType: IANA Special Use
    NameServer: BLACKHOLE-1.IANA.ORG
    NameServer: BLACKHOLE-2.IANA.ORG
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 1918 for additional information.
    Comment:
    RegDate: 1994-03-15
    Updated: 2002-09-16

    OrgAbuseHandle: IANA-IP-ARIN
    OrgAbuseName: Internet Corporation for Assigned Names and Number
    OrgAbusePhone: +1-310-301-5820
    OrgAbuseEmail: abuse@iana.org

    OrgTechHandle: IANA-IP-ARIN
    OrgTechName: Internet Corporation for Assigned Names and Number
    OrgTechPhone: +1-310-301-5820
    OrgTechEmail: abuse@iana.org



    Any information on this would be helpful.

  10. #10
    The 192.168.0.0/16 is reserved for private networks. A good example of a private network is one, two, three or more home computers connected to DSL or Cable through a cheap router.

    While it is remotely possible that someone from outside is attempting to access your internal network on this IP range (or the 10. previously mentioned) it is more likely that the activity in question is taking place from within your network.

    The fact that you are seeing internal traffic on this network range is not usually something worthy of sounding an alarm and jumping to conclusions. There are perfectly safe and normal reasons for seeing traffic related to an internal/private IP range.

    While this traffic is generally safe it often causes alerts on certain software firewalls or other security suites. The problem is often related to the fact that these software products are not meant to be used and understood by your average user.

    The likelihood of the alert responding to something malicious is plausible but unlikely. I would suggest running a good antivirus program with up to date virus definitions and monitor your port traffic to see which ports are actively listening.

    Start by running some netstat commands.

    Good luck.
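
Added example (not part of the original thread and not any poster's code): a triage step for the situation described in the post above, sorting the source addresses in firewall log lines into reserved special-use ranges versus everything else before running whois on them. The log format, the `src=` field name, the sample lines and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Reserved IPv4 blocks: whois on these describes the reservation (IANA),
# not whoever sent the packet.
SPECIAL_USE = [
    ("rfc1918-private", "10.0.0.0/8"),
    ("rfc1918-private", "172.16.0.0/12"),
    ("rfc1918-private", "192.168.0.0/16"),
    ("loopback", "127.0.0.0/8"),
    ("link-local", "169.254.0.0/16"),
    ("shared-cgnat", "100.64.0.0/10"),
]
NETWORKS = [(label, ipaddress.ip_network(cidr)) for label, cidr in SPECIAL_USE]
SRC_RE = re.compile(r"\bsrc=(\S+)")  # assumed log field name


def classify(addr):
    """Return the special-use label for addr, or 'other' / 'unparseable'."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return "unparseable"
    for label, net in NETWORKS:
        if ip in net:
            return label
    return "other"  # not in the table: whois on it may be meaningful


def triage(log_lines):
    """Count logged source addresses per category."""
    counts = Counter()
    for line in log_lines:
        m = SRC_RE.search(line)
        if m:
            counts[classify(m.group(1))] += 1
    return counts


# Constructed sample log lines (hypothetical format). 172.32.0.9 sits just
# outside 172.16.0.0/12; 999.1.1.1 is a deliberately malformed entry.
SAMPLE_LOG = [
    "2007-11-02 14:03:11 BLOCK UDP src=192.168.1.104 dst=192.168.1.255 dport=137",
    "2007-11-02 14:05:40 BLOCK TCP src=10.7.168.31 dst=192.168.1.2 dport=445",
    "2007-11-02 14:09:02 BLOCK TCP src=172.32.0.9 dst=192.168.1.2 dport=23",
    "2007-11-02 14:11:57 BLOCK TCP src=999.1.1.1 dst=192.168.1.2 dport=80",
]

if __name__ == "__main__":
    for category, n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{category:16} {n}")
```

Sources that land in `rfc1918-private` or `link-local` most likely belong to a device on the local network, so the next step is the netstat check suggested in the post rather than the contact listed in the whois record.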

  11. #11
    SG Enthusiast OSULLY's Avatar
    Join Date
    Nov 2007
    Location
    Catskills NY
    Posts
    1,348
    Quote Originally Posted by Tech Manager View Post
    While this traffic is generally safe it often causes alerts on certain software firewalls or other security suites. The problem is often related to the fact that these software products are not meant to be used and understood by your average user.

    The likelihood of the alert responding to something malicious is plausible but unlikely.
    Tad bit condescending and imo misleading.

    OSULLY
    ___________________________________________

  12. #12

    Actual Malicious Activity

    Just a note... Today, my roommate's Internet Gaming League account was hacked and all user accounts in his league were deleted. When the site's tech support was consulted, he was given this IP: 10.7.168.31...Which yielded the same whois info as noted above.

  13. #13

    Heh, eight years old and gone from hacking to scamming

    Bloody obvious scam off a craigslist posting today, and all of the IPs in the header are registered to:

    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

  14. #14

    Repeated attempts to gain access to my comp

    What I have learned.
    These guys are tracking everything you do. Everything. From emails to what you watch on your computer. TV, Movies. WMPlayer.
    Even after you think you have cleaned up after yourself before you shut down, they have placed a program in your comp, that has disguised itself as operating start up system program. So that when you turn on your computer, it sends out all your surfing, letters and whatever to them.
    Even with my internet blocked. (and it says blocked), I found out it goes around it, and sends the info. A friend and I set up a watch dog on our modem and sure enough the modem started working even though the lights on it were still. This company is sending the info to HOME LAND SECURITY. They are also selling it to whoever wants to buy it.
    Of course they are going to be the nicest guys, (BILL), When they bull **** you With," Oh its not us some one must be using our ip numbers". Go to the nearest used car lot and you will find a guy named Bill there too. Homeland security, protects these guys so forget about shutting them down. Homeland is watching every one all around the world. Yes, even you in Sydney. This company will hack your comp, take what they can, sell it to whoever, AND THEY ARE PROTECTED BY HOME LAND SECURITY, here in the US.
    This is not "SciFi" any more. This is the real thing.
    BIG BROTHER IS WATCHING YOU. ALL OF YOU, US.

  15. #15
    Quote Originally Posted by OSULLY View Post
    Tad bit condescending and imo misleading.

    OSULLY
    It certainly wasn't meant to be condescending. As for being misleading, may I ask you how it is misleading?
    I recommend Country IP Blocks dot net as part of your security arsenal.

  16. #16
    Junior Member
    Join Date
    May 2009
    Posts
    1

    Unhappy

    I too am now being spammed by this. I never used to be, then I found your site and tested my DL and UL speed. After that, I have been spammed by this IP.

    My firewall blocks a bunch of attempts, but one always gets through. I do a back trace and it shows the same results time and again.

    I am sure that your site has nothing to do with the issue, but I was hoping that you may have some suggestions that can help me to block these people.

    Side note: I think you guys and gals do a great job here and I thank you for your help. I didn't want it to sound like it was your fault or anything like that. What I meant by this is that I may have alerted someone to my presence when I used a mirror link to check my speed. I don't even know if that is possible lol.
    Anyway, thanks again.

    If anyone has any suggestions, please help. :]

    Thank you,
    Remove2
    Last edited by Remove2; 05-25-09 at 11:29 PM.

  17. #17
    Junior Member
    Join Date
    Jul 2009
    Posts
    1
    Hello,

    Just to say that I've also been spammed. And i live in Portugal...

    What can i say...


    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 192.168.0.0 - 192.168.255.255
    CIDR: 192.168.0.0/16


    Thanks,
    Mitagera

  18. #18
    Junior Member
    Join Date
    Jul 2009
    Posts
    2

    Lightbulb New Information

    It could be, more than likely, that their servers are/were infected with malicious software such as adware/malware/spyware/trojans, etc. That is what I get out of this information. I also know, for a fact myself, that using this proxy:74.86.156.18 on port:3128, you can surf the web with High Anonymity, which traces back to the same people. That's how I found this proxy server.

  19. #19
    Junior Member
    Join Date
    Jul 2009
    Posts
    2
    Ahh, as I was trying to post that last one, I found out that using that proxy, you can not sign in to any Log In based forums, web based e-mails, games, etc. I think that they are key loggers... Working in part for the Home Land Security to help monitor and invade Americans' privacy. If you're into politics, I am posting videos about some of the things our so called "Grand" government is doing. My S/N for you-tube is regnitSnoiprocS, feel free to check it out.

  20. #20
    My network was invaded when WEP was off. Now my computer is running verrrrrry slow. AVG took off the banker virus and trojan. Are there files in my startup to delete?
