Battle with the hacker continues.

Status
Not open for further replies.
Gibzilla, did you say you downloaded your Ubuntu through torrent? If so where did you get the torrent? (i.e. from Ubuntu's site or torrent search.)
 
Crosshairs said:
You better hope that the mailman is not your HaXoR.......or you got big problems Mr Hammond.....

Heh true but I don't think he even knows how to work his wrist watch. He's more afraid of dogs.

I gotta rule out all the variables, then whatever's left after that's gotta be the truth. At least that'll make it easier for me to find out how the intrusion is taking place. Someone working at my ISP or somebody elsewhere.

Here is another true story. I went on to http://www.socalsvriders.org/ They have a little java chat thing on the top left. I was mouthing off to someone and admin didn't like that so he crashed my computer(winxp sp2).

SO I know for sure there's a way to crash someone's computer with java and IE6.
 
OH yeah?!?!? Well I am going to make your computer crash in 10 years!!!!! MWHAHAHAH
 
ryan_975 said:
Gibzilla, did you say you downloaded your Ubuntu through torrent? If so where did you get the torrent? (i.e. from Ubuntu's site or torrent search.)

No I've downloaded ubuntu 6.06 i386 ISO from one of the mirrors. I know enough to not trust torrent.
 
Gibzilla said:
Heh true but I don't think he even knows how to work his wrist watch. He's more afraid of dogs.

I gotta rule out all the variables, then whatever's left after that's gotta be the truth. At least that'll make it easier for me to find out how the intrusion is taking place. Someone working at my ISP or somebody elsewhere.

Here is another true story. I went on to http://www.socalsvriders.org/ They have a little java chat thing on the top left. I was mouthing off to someone and admin didn't like that so he crashed my computer(winxp sp2).

SO I know for sure there's a way to crash someone's computer with java and IE6.

Actually IE6 is kinda hit and miss with the java stuff.. Heck even viewing plain text on IE sometimes makes it crash
 
Danith said:
Actually IE6 is kinda hit and miss with the java stuff.. Heck even viewing plain text on IE sometimes makes it crash

Hell opening IE makes it crash from time to time.
 
ryan_975 said:
Hell opening IE makes it crash from time to time.

That damn intraweb thing never worked well with IE. I flat out refuse to use the intraweb anymore - haX0rs, digital STDS, and spam out of a can.
 
modi123 said:
That damn intraweb thing never worked well with IE. I flat out refuse to use the intraweb anymore - haX0rs, digital STDS, and spam out of a can.

intraweb? hmm, hadn't heard that one before.
 
ryan_975 said:
intraweb? hmm, hadn't heard that one before.

Yup, it's brand new.

Side note, I think I might have found out what the haX0r is using - "The Gibson". Really, what else could be this freaking good?
 
This thread is comedy gold. Let me get in on the act...

Gibzilla said:
Here is another true story. I went on to http://www.socalsvriders.org/ They have a little java chat thing on the top left. I was mouthing off to someone and admin didn't like that so he crashed my computer(winxp sp2).

No no no. All he did was clog your internet tubes up so much that it made your computer sick. Just use some ajax on your internet tubes and give some aspirin to your computer to make things all better again. Send us an internet after you disconnect the modem's cable from your ethernet card.


Sen. Ted Stevens approves of this post. :D

P.S. Remember to disconnect the power plug from your modem too!
 
wow this is still going on. This is kinda sad.

reminds me of one time in middle school computer class, the chick next to me freaked out and called the teacher over because altavista told her that her computer was running too slow and she needed to download an application to fix it.......and nothing the teacher told her would convince her that it was just a banner ad.
 
tskiller said:
wow this is still going on. This is kinda sad.

reminds me of one time in middle school computer class, the chick next to me freaked out and called the teacher over because altavista told her that her computer was running too slow and she needed to download an application to fix it.......and nothing the teacher told her would convince her that it was just a banner ad.

Was she blond and hot? That usually causes many errors on operating systems. :p
 
drizzt81 said:
This thread is very interesting. I will make sure to print out a copy of the machine code in my BIOS' EEPROM so that if a hacker overwrites it I can manually reload it.

I totally agree with you. Best thread ever lol
 
what can I possibly produce to convince you doubters that something un-kosher is going on? I was thinking.

So I've dusted off my canon digital camera and set it on video mode. Now, if it happens again, I'll record it and upload it. fair enough? will you then stfu and provide some help?

Now, before I went out to eat today, I've hooked up my dlink 634m up to WAN only to see what the router log catches. I came home a few hours later to find my router lights flashing all wildly. AND I got it on TAPE!

I'm uploading it to my youtube account now. stay tuned. meanwhile... here's fresh netstat -a

arrowhead@dvd:~$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:36515 *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 localhost:36058 *:* LISTEN
tcp 0 0 192.168.0.182:46741 www3.itotf.net:www ESTABLISHED
tcp 0 0 192.168.0.182:46742 www3.itotf.net:www ESTABLISHED
tcp 0 0 localhost:36515 localhost:58507 ESTABLISHED
tcp 0 0 localhost:58507 localhost:36515 ESTABLISHED
tcp 0 66360 192.168.0.182:46980 v88.youtube.com:www ESTABLISHED
tcp 0 0 192.168.0.182:40515 www.youtube.com:www ESTABLISHED
tcp 0 0 192.168.0.182:40516 www.youtube.com:www ESTABLISHED
udp 0 0 *:bootpc *:* <----- WTF is this?
udp 0 0 192.168.0.182:32999 192.168.1.1:domain ESTABLISHED<---- WTF is this?


Welp upload is done, here is the video!

http://www.youtube.com/watch?v=1zWQZzFNpTE
 
how about tcpdump packet capture files, and a dd of your HD to do some forensics checks on?

Seriously I have seen mice that glitch and move the cursor themselves, it's happened to me on multiple occasions simply because of the surface the mouse was sitting on.
 
all the way across the screen with your hand totally off of it?

Day 3 of me noticing the weird happenings and I'm getting hammered. Modem light is on constant solid send and receive.

All this happening within a few minutes of connecting pc to the internet.

[INFO] Wed Sep 20 06:19:29 2006 Log viewed by IP address 192.168.0.182
[INFO] Wed Sep 20 06:19:26 2006 Allowed configuration authentication by IP address 192.168.0.182
[INFO] Wed Sep 20 06:19:18 2006 Blocked incoming UDP packet from 221.209.110.49:36014 to My computer:1026
[INFO] Wed Sep 20 06:18:48 2006 Blocked incoming UDP packet from 221.208.208.101:55806 to My computer:1027
[INFO] Wed Sep 20 06:18:48 2006 Blocked incoming UDP packet from 221.208.208.101:55456 to My computer:1027
[INFO] Wed Sep 20 06:18:48 2006 Blocked incoming UDP packet from 221.208.208.101:54984 to My computer:1026
[INFO] Wed Sep 20 06:18:48 2006 Previous message repeated 2 times
[INFO] Wed Sep 20 06:18:32 2006 Blocked incoming TCP connection request from 24.126.240.96:1306 to My computer:443
[INFO] Wed Sep 20 06:18:32 2006 Blocked incoming UDP packet from 204.16.208.90:52704 to My computer:1027
[INFO] Wed Sep 20 06:18:32 2006 Blocked incoming UDP packet from 204.16.208.90:52704 to My computer:1026
[INFO] Wed Sep 20 06:18:32 2006 Previous message repeated 1 time
[INFO] Wed Sep 20 06:18:14 2006 Blocked incoming TCP connection request from 24.126.240.96:1253 to My computer:80
[INFO] Wed Sep 20 06:18:13 2006 Blocked incoming TCP connection request from 24.126.53.244:2453 to My computer:80
[INFO] Wed Sep 20 06:18:11 2006 Blocked incoming TCP connection request from 24.126.240.96:1253 to My computer:80
[INFO] Wed Sep 20 06:18:10 2006 Blocked incoming TCP connection request from 24.126.53.244:2453 to My computer:80
[INFO] Wed Sep 20 06:18:10 2006 Previous message repeated 1 time
[INFO] Wed Sep 20 06:17:54 2006 Blocked incoming TCP connection request from 24.126.53.244:2375 to My computer:80
[INFO] Wed Sep 20 06:17:43 2006 Blocked incoming UDP packet from 221.208.208.92:34879 to My computer:1026
[INFO] Wed Sep 20 06:17:26 2006 Blocked incoming UDP packet from 193.47.186.81:30356 to My computer:1026
[INFO] Wed Sep 20 06:14:30 2006 Blocked incoming UDP packet from 202.97.238.134:54726 to My computer:1027
[INFO] Wed Sep 20 06:14:30 2006 Blocked incoming UDP packet from 202.97.238.134:54726 to My computer:1026
[INFO] Wed Sep 20 06:14:10 2006 Blocked incoming UDP packet from 204.16.208.233:46558 to My computer:1026
[INFO] Wed Sep 20 06:14:10 2006 Blocked incoming UDP packet from 204.16.208.233:46558 to My computer:1027
[INFO] Wed Sep 20 06:14:10 2006 Blocked incoming UDP packet from 204.16.208.233:46557 to My computer:1026
[INFO] Wed Sep 20 06:14:10 2006 Blocked incoming UDP packet from 204.16.208.233:46557 to My computer:1027
[INFO] Wed Sep 20 06:13:04 2006 Blocked incoming UDP packet from 65.134.236.70:18732 to My computer:1026
[INFO] Wed Sep 20 06:12:17 2006 Blocked incoming UDP packet from 221.208.208.91:41078 to My computer:1027
[INFO] Wed Sep 20 06:12:17 2006 Blocked incoming UDP packet from 221.208.208.91:41078 to My computer:1026
[INFO] Wed Sep 20 06:12:17 2006 Blocked incoming UDP packet from 221.208.208.91:41077 to My computer:1027
[INFO] Wed Sep 20 06:12:17 2006 Blocked incoming UDP packet from 221.208.208.91:41077 to My computer:1026
[INFO] Wed Sep 20 06:12:09 2006 Blocked incoming UDP packet from 202.97.238.201:45667 to My computer:1026
[INFO] Wed Sep 20 06:11:34 2006 Blocked incoming UDP packet from 24.167.236.14:2173 to My computer:1026
[INFO] Wed Sep 20 06:10:24 2006 Blocked incoming UDP packet from 202.99.172.175:42089 to My computer:1027
[INFO] Wed Sep 20 06:10:24 2006 Previous message repeated 2 times
[INFO] Wed Sep 20 06:09:46 2006 Blocked incoming UDP packet from 60.11.125.51:46599 to My computer:1027
[INFO] Wed Sep 20 06:08:09 2006 Blocked incoming UDP packet from 24.119.37.154:5844 to My computer:1026
[INFO] Wed Sep 20 06:06:52 2006 Blocked incoming UDP packet from 193.47.186.58:30356 to My computer:1026
[INFO] Wed Sep 20 06:06:38 2006 Blocked incoming UDP packet from 204.16.208.239:46197 to My computer:1026
[INFO] Wed Sep 20 06:06:38 2006 Blocked incoming UDP packet from 204.16.208.239:46197 to My computer:1027
[INFO] Wed Sep 20 06:06:26 2006 Blocked incoming UDP packet from 60.11.125.38:34717 to My computer:1026
[INFO] Wed Sep 20 06:06:20 2006 Blocked incoming UDP packet from 221.208.208.95:58023 to My computer:1027
[INFO] Wed Sep 20 06:06:20 2006 Blocked incoming UDP packet from 221.208.208.95:58023 to My computer:1026
[INFO] Wed Sep 20 06:06:20 2006 Blocked incoming UDP packet from 221.208.208.95:58023 to My computer:1027
[INFO] Wed Sep 20 06:06:20 2006 Blocked incoming UDP packet from 221.208.208.95:58023 to My computer:1026
[INFO] Wed Sep 20 06:06:20 2006 Blocked incoming UDP packet from 221.208.208.95:58022 to My computer:1027
[INFO] Wed Sep 20 06:06:20 2006 Blocked incoming UDP packet from 221.208.208.95:58022 to My computer:1026
[INFO] Wed Sep 20 06:05:10 2006 Blocked incoming UDP packet from 64.183.54.122:17058 to My computer:1026
[INFO] Wed Sep 20 06:05:08 2006 Blocked incoming ICMP packet (ICMP type 8) from 24.127.58.208 to My computer
[INFO] Wed Sep 20 06:04:49 2006 Blocked incoming UDP packet from 204.16.208.241:48335 to My computer:1027
[INFO] Wed Sep 20 06:04:49 2006 Blocked incoming UDP packet from 204.16.208.241:48335 to My computer:1026
[INFO] Wed Sep 20 06:04:12 2006 Blocked incoming UDP packet from 204.16.208.20:51281 to My computer:1026
[INFO] Wed Sep 20 06:04:12 2006 Blocked incoming UDP packet from 204.16.208.20:51281 to My computer:1027
[INFO] Wed Sep 20 06:00:59 2006 Blocked incoming TCP packet from 127.0.0.1:80 to My computer:1017 as RST:ACK received but there is no active connection
[INFO] Wed Sep 20 06:00:33 2006 Blocked incoming UDP packet from 202.97.238.194:39852 to My computer:1027
[INFO] Wed Sep 20 06:00:33 2006 Blocked incoming UDP packet from 202.97.238.194:39852 to My computer:1026
[INFO] Wed Sep 20 06:00:08 2006 Blocked incoming UDP packet from 221.208.208.86:47397 to My computer:1027
[INFO] Wed Sep 20 06:00:08 2006 Blocked incoming UDP packet from 221.208.208.86:47397 to My computer:1026
[INFO] Wed Sep 20 06:00:03 2006 Blocked incoming UDP packet from 24.42.204.8:31064 to My computer:1026
[INFO] Wed Sep 20 05:59:01 2006 Blocked incoming UDP packet from 221.208.208.104:50826 to My computer:1027
[INFO] Wed Sep 20 05:59:01 2006 Blocked incoming UDP packet from 221.208.208.104:50826 to My computer:1026
[INFO] Wed Sep 20 05:58:54 2006 Blocked incoming UDP packet from 24.77.243.6:0 to My computer:1026
[INFO] Wed Sep 20 05:58:54 2006 Blocked incoming UDP packet from 24.77.243.6:0 to My computer:1025
[INFO] Wed Sep 20 05:58:54 2006 Previous message repeated 1 time
[INFO] Wed Sep 20 05:58:36 2006 Blocked incoming TCP connection request from 24.126.53.244:1605 to My computer:80
[INFO] Wed Sep 20 05:57:57 2006 Blocked incoming UDP packet from 202.97.238.131:43167 to My computer:1027
[INFO] Wed Sep 20 05:57:57 2006 Blocked incoming UDP packet from 202.97.238.131:43167 to My computer:1026
[INFO] Wed Sep 20 05:57:13 2006 Blocked incoming UDP packet from 164.164.250.2:0 to My computer:1026
[INFO] Wed Sep 20 05:57:13 2006 Blocked incoming UDP packet from 164.164.250.2:0 to My computer:1025
[INFO] Wed Sep 20 05:57:08 2006 Blocked incoming UDP packet from 65.121.51.235:9123 to My computer:1026
[INFO] Wed Sep 20 05:57:05 2006 Blocked incoming UDP packet from 60.11.125.54:47120 to My computer:1027
[INFO] Wed Sep 20 05:57:05 2006 Previous message repeated 8 times
[INFO] Wed Sep 20 05:54:59 2006 Blocked outgoing TCP packet from 192.168.0.182:45674 to 82.211.81.132:80 as FIN:ACK received but there is no active connection

Looks like I too have lots of friends in china.
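
An added example (not part of any post in this thread) showing one way to triage a router log like the one above: it folds the "repeated" lines into counts, tallies dropped inbound packets per destination port and distinct sender, and sets aside the entries that are not ordinary unsolicited inbound traffic. The regular expressions and function names are assumptions inferred from the lines shown, not a documented log format.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address

# Subset of the router log posted above, copied verbatim (newest entry first).
SAMPLE_LOG = """\
[INFO] Wed Sep 20 06:19:26 2006 Allowed configuration authentication by IP address 192.168.0.182
[INFO] Wed Sep 20 06:18:48 2006 Blocked incoming UDP packet from 221.208.208.101:54984 to My computer:1026
[INFO] Wed Sep 20 06:18:48 2006 Previous message repeated 2 times
[INFO] Wed Sep 20 06:18:32 2006 Blocked incoming TCP connection request from 24.126.240.96:1306 to My computer:443
[INFO] Wed Sep 20 06:18:32 2006 Blocked incoming UDP packet from 204.16.208.90:52704 to My computer:1027
[INFO] Wed Sep 20 06:18:13 2006 Blocked incoming TCP connection request from 24.126.53.244:2453 to My computer:80
[INFO] Wed Sep 20 06:05:08 2006 Blocked incoming ICMP packet (ICMP type 8) from 24.127.58.208 to My computer
[INFO] Wed Sep 20 06:00:59 2006 Blocked incoming TCP packet from 127.0.0.1:80 to My computer:1017 as RST:ACK received but there is no active connection
[INFO] Wed Sep 20 05:58:54 2006 Blocked incoming UDP packet from 24.77.243.6:0 to My computer:1026
[INFO] Wed Sep 20 05:54:59 2006 Blocked outgoing TCP packet from 192.168.0.182:45674 to 82.211.81.132:80 as FIN:ACK received but there is no active connection
"""

PACKET = re.compile(
    r"Blocked (?P<dir>incoming|outgoing) (?P<proto>TCP|UDP|ICMP) "
    r"(?:packet|connection request)(?: \(ICMP type \d+\))? "
    r"from (?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"to (?P<dst>My computer|[\d.]+)(?::(?P<dport>\d+))?"
    r"(?: as (?P<reason>.+))?$"
)
REPEAT = re.compile(r"Previous message repeated (\d+) times?$")

def parse_log(text):
    """One dict per blocked-packet entry, with 'count' folding in the
    'Previous message repeated N' lines. Assumption: a repeat line refers to
    the entry printed directly above it (their timestamps match in the log)."""
    entries, last = [], None
    for line in text.splitlines():
        rep = REPEAT.search(line)
        if rep:
            if last:
                last["count"] += int(rep.group(1))
            continue
        m = PACKET.search(line)
        last = {**m.groupdict(), "count": 1} if m else None  # admin events -> None
        if last:
            entries.append(last)
    return entries

def summarize(entries):
    """Tally dropped inbound packets per (proto, dest port); collect oddities."""
    hits, sources, review = Counter(), defaultdict(set), []
    for e in entries:
        if e["dir"] == "outgoing":  # a LAN host sent something the router dropped
            review.append(("outgoing-drop", e["src"], e["dst"]))
            continue
        key = (e["proto"], int(e["dport"]) if e["dport"] else None)
        hits[key] += e["count"]
        sources[key].add(e["src"])
        if ip_address(e["src"]).is_private:  # loopback/RFC 1918 cannot arrive via WAN
            review.append(("non-routable-source", e["src"], e["dst"]))
    return hits, sources, review

if __name__ == "__main__":
    hits, sources, review = summarize(parse_log(SAMPLE_LOG))
    for key, n in hits.most_common():
        print(key, n, "packets from", len(sources[key]), "sources")
    print("second look:", review)
```

Every packet entry in this log is a drop, so the per-port tally shows what the firewall absorbed; many unrelated senders hitting the same few ports is the pattern of background scanning rather than one host working on this machine.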
 
NemesisBLK said:
This thread is comedy gold. Let me get in on the act...



No no no. All he did was clog your internet tubes up so much that it made your computer sick. Just use some ajax on your internet tubes and give some aspirin to your computer to make things all better again. Send us an internet after you disconnect the modem's cable from your ethernet card.


Sen. Ted Stevens approves of this post. :D

P.S. Remember to disconnect the power plug from your modem too!

hahaha! You said "tubes." :p


 
1) Unplug your router from the modem, reset it to factory defaults and re-secure it and then power it off.
2) Flash your BIOS with the latest version, clear the CMOS after, reboot and reconfigure anything special.
3) Do a zero-fill on your hard drive, reinstall OS, virus/firewall/whatever software.
4) Reconnect and power up the router, go directly to Windows Update and download all patches immediately, reboot and grab a refreshing drink as required.
5)... profit

If this still fails:
1) Post all items for sale on the FS subforum.
2) After collecting monetary unit of your likings, box parts and ship them.
3) Purchase Etch-A-Sketch.
4) ...
 
tdg said:
If this still fails:
1) Zero fill hard drive
2) Post all items for sale on the FS subforum.
3) After collecting monetary unit of your likings, box parts and ship them.
4) Purchase Etch-A-Sketch.
5)... profit

At this point that don't sound like such a bad idea. I gotta headache from all the reading I've done on all these stacks, udp packets sniffing blah blah blah. It's like I have to be a wizkid or something.
 
Gibzilla said:
all the way across the screen with your hand totally off of it?

Day 3 of me noticing the weird happenings and I'm getting hammered.

My mouse does this from time to time. It calms down within a minute. Nothing special.

Also, if you are worried about all these incoming connections wouldn't it be best to contact your ISP to see if they have an idea as to why it's happening to you?
 
Gibzilla said:
all the way across the screen with your hand totally off of it?

Yes, actually, it will just slide across slowly, and doesn't stop until I move the mouse. The little camera probably catches a repeating pattern and thinks it's moving or something.
 
there are a couple boxes at work with cheaper optical meeses on them that tend to wander from time to time ...and a few that just freak out totally until you lift the mouse up and then reset in the mousepad ... I thought it was from just being cheaper hardware, but it turns out it was actually being caused by some swamp smell'n skanky long haired naked teenager chick that keeps killing my co-workers ....dang she's annoying


[F]old|[H]ard
 
Xipher said:
Yes, actually, it will just slide across slowly, and doesn't stop until I move the mouse. The little camera probably catches a repeating pattern and thinks it's moving or something.

I said something similar to this a few pages back.

ryan_975 said:
My mouse pointer used to do that too. Didn't even consider a hacker. Figure it was the pattern on my keyboard tray. When the light in the mouse would dim down the pickup would think the pattern moved and activate my mouse and register a move in one direction or another.

Also my old logitech optical mouse would jump to the edge of the screen randomly.


Buy you a solid color mouse pad and see if the problem disappears.

And also it's not uncommon to have mysterious IP addresses attacking your network. There are probably hundreds of IP scanners looking for open computers to hack into. How do you think Blaster spread so fast?

Another thing is that there is malware out there that you can get just by visiting random websites. Although it may not be harmful, it can be annoying and open popups randomly. I just had to clean up my sister's computer because of that problem. She'd be in Word and IE would suddenly open up to some random web page.
 
So what about my router freaking out?

Don't everyone all comment at once about that.

I can usually tell when he/she's logged on because my internet connection comes to a crawl or hangs for 5 seconds after each click.

Something is definitely not right... I just can't pinpoint it. It's gotta be something above and beyond normal hacking job. Why would someone in that position decide to use my computer as a guinea pig I don't know.

And why does this ubuntu run everything from /tmp directory (ubuntu)? Why does one last Windows security update hang every time before the weird shit happens (winxp)? Who added gnome desktop icon on my panel while I was away (ubuntu)?????

Lastly, how come my mouse pointer never did that in 3 years of owning it until recently (win2k)?

You are telling me all these things are coincidences?

Now, I've done some thinking. Yes I have a brain. Hair brain but it works... thanks. Anyway, I was thinking who is the last person I really pissed off. I'm thinking it was a woman and possibly someone was pissed off at me for insulting his girl.

Prime suspect, Mr. Paul Lin.

Domain ID:D103878855-LROR

Domain Name:SOCALSVRIDERS.ORG

Created On:23-Jan-2004 04:19:41 UTC

Last Updated On:29-Nov-2005 19:47:02 UTC

Expiration Date:23-Jan-2008 04:19:41 UTC

Sponsoring Registrar:Namesdirect Inc. (R92-LROR)

Status:OK

Registrant ID:DOT-HDUL2T2F3AP6

Registrant Name:paul Lin

Registrant Organization:Southern California SV Riders

Registrant Street1:San Diego

Registrant Street2:

Registrant Street3:

Registrant City:San Diego

Registrant State/Province:CA

Registrant Postal Code:92122

Registrant Country:US

Registrant Phone:+1.8585555555

Registrant Phone Ext.:

Registrant FAX:

Registrant FAX Ext.:

Registrant Email:[email protected]

Admin ID:DOT-W8711EQRI33U

Admin Name:paul Lin

Admin Organization:Southern California SV Riders

Admin Street1:San Diego

Admin Street2:

Admin Street3:

Admin City:San Diego

Admin State/Province:CA

Admin Postal Code:92122

Admin Country:US

Admin Phone:+1.8585555555

Admin Phone Ext.:

Admin FAX:

Admin FAX Ext.:

Admin Email:[email protected]

Tech ID:DOT-MEQKYN07XH5A

Tech Name:paul Lin

Tech Organization:Southern California SV Riders

Tech Street1:San Diego

Tech Street2:

Tech Street3:

Tech City:San Diego

Tech State/Province:CA

Tech Postal Code:92122

Tech Country:US

Tech Phone:+1.8585555555

Tech Phone Ext.:

Tech FAX:

Tech FAX Ext.:

Tech Email:[email protected]

Name Server:NS1.MYDOMAIN.COM

Name Server:NS2.MYDOMAIN.COM

Name Server:NS3.MYDOMAIN.COM

Name Server:NS4.MYDOMAIN.COM

Server Tracert's to UC San Diego... hmmm getting warmer...
 
This is so fun to watch. It's like "Net Wars: Episode V - Return of the PEBCAK", or something.
 
Xipher said:
how about tcpdump packet capture files, and a dd of your HD to do some forensics checks on?

Xipher - you've been reading the same thread as the rest of us right? tcpdump and dd of the hard drive? You're kidding right?
 
Linux is amazing. Ethereal is amazing. It's like I've been living under a rock for all these years as a Windows user completely oblivious to the outside world.

I need to order a bigger monitor....


..........
 