OH CRAP!!??? what's going on here???

drdoug99
SG Elite
Posts: 6471
Joined: Tue Nov 28, 2000 12:00 am
Location: ohio

Post by drdoug99 »

Ok, I come back from a nice day with friends and seeing a movie, a rare treat from my digital computer life normally....and look at my demo version of Zone Alarm Pro...<hint>anyone out there know how to make my demo a full version?</hint> and see 235 ALERTS!!!! wow, that's a big number!!

Some alerts are FTP hits, (TCP Port 3149)(TCP Flags S), what does the S mean for the flags? Is that a security level for Zone Alarm??
Some alerts are HTTP, TCP Port 38852, Flag S, most are ICMP Echo Request, Pings as well.
Yea, I'm scrolling through the alerts as I type this, about 50 in a row, in a time span of only 5 minutes, are the ICMP echo requests, all from different IPs.

Ok...scrolled through some more, about 200 are ICMP echo pings, and the rest were a mix of TCP, HTTP, DNS, and NetBios alerts.
Is this something I should worry about? The most alerts I've gotten before was like maybe 10 in a day, I usually don't get 10 in a month....the More Info button doesn't give me more info, all the IP addresses come back with no information.
I'm not really worried, they are just pings after all, and since I'm in stealth mode, whoever pinged me doesn't even know I am there...is this the work of "hacker script kiddies" or normal ISP pings, or what? If you need more info, I'll give it.

Thanks in advance.
:) :)
KSJNX
Member
Posts: 76
Joined: Sun Feb 18, 2001 12:00 am

Post by KSJNX »

Hmmm, maybe you talked to someone in a chat room or something and they found your IP and know that it's real. Anyway, as long as ZA is blocking them I wouldn't worry. Just paste his IP and we shall track him down for ya.

Post by drdoug99 »

OK, here are the IPs of who or what pinged me.

141.155.65.11 - did a whois, it's from Texas

206.3.25.160 - no info

199.104.138.45 - no info

38.144.82.102 - no info

202.107.205.193 - no info

202.221.54.124 - from Japan

63.36.152.176 - no info

128.206.47.237 - no info

63.112.250.150 - no info

213.213.12.78 - from Italy, I think

210.179.185.1 - no info

That's all that Zone Alarm logged in the log file, just those IPs.

Post by KSJNX »

OK, I got the ones that you couldn't get:

pc160.clubasia.co.jp (206.3.25.160)

206.0.0.0 - 206.7.255.255
Performance Systems International, Inc.
Performance Systems International, Inc.
510 Huntmar Park Drive
Herndon, Virginia 22070
US

--------------------------------------------------------------------------------

PSINet,Inc.
hostinfo@psi.com
(518) 283-8860

199.104.138.45

199.104.0.0 - 199.104.255.255
Westnet Regional Network
3645 Marine Street
Boulder, CO 80309-0455
US

--------------------------------------------------------------------------------

Garner, Chris
cgarner@SNI.NET
(303) 296-8202x173 (FAX) (303) 296-8224

--------------------------------------------------------------------------------


199.104.128.0 - 199.104.255.255
Arizona Tri-University Network
Telecommunication Services
Arizona State University
Tempe, Arizona 85287-0201
US

--------------------------------------------------------------------------------

Gardner, Scott
Scott.Gardner@ASU.EDU
602 - 965 - 2608

--------------------------------------------------------------------------------


38.144.82.102

38.0.0.0 - 38.255.255.255
Performance Systems International
510 Huntmar Park Drive
Herndon, VA 22070
US

--------------------------------------------------------------------------------

PSINet,Inc.
hostinfo@psi.com
(518) 283-8860

202.107.205.193

202.107.204.0 - 202.107.206.127
ZHEJIANG SCIENCE&TECHNOLOGY INFORMATION INSTITUTE
China

--------------------------------------------------------------------------------

JIANG LUZHONG
NO 91 WESTERN HUANCHENG ROAD,HANGZHOU,ZHEJIANG PROVINCE,310006
China
+86-571-7054086

--------------------------------------------------------------------------------
63.0.0.0 - 63.63.255.255
UUNET Technologies, Inc.
3060 Williams Drive, Suite 601
Fairfax, va 22031
US

--------------------------------------------------------------------------------

UUNET, AlterNet - Technical Support
help@UUNET.UU.NET
800-900-0241

--------------------------------------------------------------------------------

(128.206.47.237)

128.206.0.0 - 128.206.255.255
University of Missouri-Columbia
615 Locust Street
Columbia, MO 65211
US

--------------------------------------------------------------------------------

Irovic, David
irovicd@missouri.edu
573.884.4654 (FAX) 573.884.6000

--------------------------------------------------------------------------------


63.112.250.150

63.112.250.128 - 63.112.250.191
Urology Associates o
7014 N Whitney Ave.
Fresno, CA 93720
US

--------------------------------------------------------------------------------

Martinez, Mike
mmartinez@systemconcepts.com
949-212-4955

--------------------------------------------------------------------------------

h213-12-78.NA1.albacom.net (213.213.12.78)

213.213.0.0 - 213.213.31.255
Albacom Dial Services

--------------------------------------------------------------------------------

Albacom Internet Staff
Albacom SpA
Via V. Bianchini, 15
I-00141 Roma
Italy
+39-06-8741111
staff@albacom.net

--------------------------------------------------------------------------------

210.179.185.1

210.178.0.0 - 210.183.255.255
National Computerization Agency
Korea Network Information Center
Korea South

--------------------------------------------------------------------------------

Weon Kim
Korea Network Information Center (KRNIC)
**************** Important Notice **********************
KRNIC is the National Internet Registry.
If you want to find detail assignment information
about above IP address, please use "http://whois.nic.or.kr"
*****************************************************
Narajongkeum B/D 14F, 1328-3, Seocho-dong, Seocho-Ku
Seoul, 137-070, Republic of Korea
Korea South
+82-2-2186-4500
+82-2-2186-4496
hostmaster@nic.or.kr

--------------------------------------------------------------------------------

Sangyong Ha
Korea Network Information Center
National Computerization Agency
128, Jukjun-lee, Suji-myun, Yongin-gun, Kyonggi-do, Korea
449-840
+82 331 289 1674
+82 331 284 2753
syha@rs.krnic.net

--------------------------------------------------------------------------------

Seungmin Lee
Korea Network Information Center (KRNIC)
**************** Important Notice **********************
KRNIC is the National Internet Registry
If you want to find detail assignment information
about above IP address, please use "http://whois.nic.or.kr"
*****************************************************
Narajongkeum B/D 14F, 1328-3, Seocho-dong, Seocho-Ku
Seoul, 137-070, Republic of Korea
Korea South
+82-2-2186-4500
+82-2-2186-4496
hostmaster@nic.or.kr

--------------------------------------------------------------------------------



Hope this helps. I would think they're all drones. If I were you I would e-mail the admin of each ISP and tell them that one of their users has been hacked or one of them is probably the attacker.

Post by drdoug99 »

Cool, thanks guys.

Some of the people, like Chris Garner, and Scott Gardner or whoever, are those the people that pinged me, or the ISP people? Do I email them personally?

Or is the hostinfo@psi.com who I should email? Thanks again.

Post by KSJNX »

They're the admins, not the attackers. If there is an abuse address, for example abuse@athome.com, e-mail them; if there's just the admin's addy, e-mail them.
Prey521
Posts: 34932
Joined: Sat Feb 05, 2000 12:00 pm
Location: Humble, Tx

Post by Prey521 »

Hey Doug, check your Private Message :)
owned by pac0z atm

Silver
Posts: 3311
Joined: Sun Nov 05, 2000 12:00 am
Location: Somewhere drinking like its going out of style.

Post by Silver »

Did you have Napster running? If so, that's where all those came from. Napster/file sharing programs make Zone go nuts with ICMP scans, I have had like 125 just from being on Napster like half an hour.
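
Added example (not part of any post in this thread, and not ZoneAlarm's own log format): the "S" in "TCP Flags S" is the TCP SYN flag, meaning an inbound connection attempt. The sketch below decodes flag letters and separates many one-off ICMP sources from a single source sending SYNs to several ports; the record layout, the threshold and the addresses are constructed for illustration.

```python
from collections import defaultdict

# TCP flag letters as commonly abbreviated in firewall logs.
TCP_FLAGS = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}

# Constructed sample alerts: (protocol, source IP, destination port, flags).
# Addresses come from documentation ranges (RFC 5737), not from the thread.
SAMPLE_ALERTS = [
    ("ICMP", "192.0.2.10", None, ""),
    ("ICMP", "192.0.2.77", None, ""),
    ("ICMP", "198.51.100.4", None, ""),
    ("ICMP", "198.51.100.90", None, ""),
    ("ICMP", "203.0.113.5", None, ""),
    ("TCP", "203.0.113.40", 3149, "S"),
    ("TCP", "203.0.113.200", 21, "S"),
    ("TCP", "203.0.113.200", 23, "S"),
    ("TCP", "203.0.113.200", 80, "S"),
    ("TCP", "203.0.113.200", 139, "S"),
]

def decode_flags(letters):
    """Expand flag letters such as 'S' or 'SA' into flag names."""
    return [TCP_FLAGS.get(c, "?" + c) for c in letters]

def triage(alerts, scan_ports=4):
    """Summarise blocked alerts.

    Many distinct ICMP sources with one hit each looks like peers probing
    the host (the file-sharing case raised above); one source sending bare
    SYNs to several different ports looks like a port scan.
    scan_ports is an assumed threshold, not a ZoneAlarm setting.
    """
    ports_by_src = defaultdict(set)
    icmp_sources = set()
    for proto, src, dport, flags in alerts:
        if proto == "ICMP":
            icmp_sources.add(src)
        elif proto == "TCP" and decode_flags(flags) == ["SYN"]:
            ports_by_src[src].add(dport)
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_ports)
    return {
        "icmp_echo_sources": len(icmp_sources),
        "syn_sources": len(ports_by_src),
        "likely_port_scanners": scanners,
    }

if __name__ == "__main__":
    print(decode_flags("S"))
    print(triage(SAMPLE_ALERTS))
```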