deadman_uk
[H]ard|Gawd
- Joined
- Jun 30, 2003
- Messages
- 1,982
For the past 3 nights my Sygate firewall has kept coming up with the message "port scan attack detected".
Today it came up again, twice, but with a different IP this time. The IP is 213.118.92.167.
After doing some research I found out this info....
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
inetnum: 213.118.64.0 - 213.118.159.255
netname: TELENET
descr: Telenet Operaties N.V.
country: BE
admin-c: PS396-RIPE
tech-c: PS396-RIPE
status: ASSIGNED PA
mnt-by: TELENET-DBM
mnt-lower: TELENET-DBM
changed: [email protected] 20020418
source: RIPE
route: 213.118.0.0/15
descr: TELENET
origin: AS6848
mnt-by: TELENET-OPS-MNT
changed: [email protected] 20010523
source: RIPE
role: Technical Internet
address: Telenet Operaties N.V.
address: Liersesteenweg 4
address: B-2800 Mechelen
address: Belgium
e-mail: [email protected]
trouble: IMPORTANT: To report intrusion attempts, hacking,
trouble: IMPORTANT: spamming, or other unaccepted behavior
trouble: IMPORTANT: by a Telenet/Pandora customer, please
trouble: IMPORTANT: send a message to [email protected]
trouble: IMPORTANT: Voor het rapporteren van inbraakpogingen,
trouble: IMPORTANT: hacking, spamming, of ander onaanvaardbaar
trouble: IMPORTANT: gedrag van een Telenet/Pandora klant, gelieve
trouble: IMPORTANT: een bericht te zenden naar [email protected]
admin-c: TI346-ORG
tech-c: TI346-ORG
nic-hdl: PS396-RIPE
mnt-by: TELENET-DBM
changed: [email protected] 20000630
source: RIPE
And just a minute ago, the Sygate firewall logged an application hijack attempt...
Application Hijacking has been detected
The application: C:\WINDOWS\system32\ntvdm.exe try to launch another application: C:\WINDOWS\system32\tracert.exe to go to remote host 213.118.92.167
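Added example, not part of the original post: one way to check that the address from the firewall alert really falls inside the inetnum range and route prefix the whois reply returned, and to pull out the origin AS and the "trouble:" reporting remarks. The function names are hypothetical, and the sample text is reconstructed from the fields quoted in the post, with the blank lines that separate RPSL objects restored and the redacted e-mail lines left out.

```python
import ipaddress

# Constructed sample: values copied from the whois output quoted in the post;
# blank lines between RPSL objects restored, redacted e-mail lines omitted.
WHOIS_TEXT = """\
% This is the RIPE Whois query server #2.
inetnum: 213.118.64.0 - 213.118.159.255
country: BE

route: 213.118.0.0/15
origin: AS6848

role: Technical Internet
trouble: IMPORTANT: To report intrusion attempts, hacking,
trouble: IMPORTANT: spamming, or other unaccepted behavior
"""

def parse_rpsl(text):
    """Split a whois reply into objects; each is a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:   # trailing "" flushes the last object
        if line.startswith("%"):            # server comment line
            continue
        if not line.strip():                # blank line ends the current object
            if current:
                objects.append(current)
            current = []
            continue
        key, _, value = line.partition(":")
        current.append((key.strip().lower(), value.strip()))
    return objects

def covering_objects(objects, ip):
    """Return (type, value) for inetnum/route objects whose range contains ip."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for obj in objects:
        kind, value = obj[0]                # first attribute names the object type
        if kind == "inetnum":
            first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
            if first <= addr <= last:
                hits.append((kind, value))
        elif kind == "route" and addr in ipaddress.ip_network(value):
            hits.append((kind, value))
    return hits

def attribute(objects, name):
    """Collect every value of one attribute, e.g. 'origin' or 'trouble'."""
    return [v for obj in objects for k, v in obj if k == name]
```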