View Full Version : Just U Check it
Noir Pouvoir
09-02-00, 04:03 PM
Curious, pick a network address more likely to initiate a Sub7 attack or any other form of attack eg BO,DD (not including UDP or TCP port probes)and add your own addresses to the list - let's see which of the ISP addresses the brunt of script kiddies attacks come from.
24.147.xxx.xxx
210.217.xxx.xxx
211.37.xxx.xxx
Noir Pouvoir
09-03-00, 12:08 AM
I guess not then, so much for that!
Noir Pouvoir
09-03-00, 11:43 AM
211.179.xxx.xxx port 12345 sub7
downhill
09-05-00, 07:10 PM
Hi Noir Pouvoir
Let' see.....
Most are from 24.XX.XXX.XX
24.18.XXX.XX
24.22.XXX.XX
24.0.XXX.XX
24.1.XXX.XX
24.42.XXX.XX
24.22.XXX.XX
24.11.XXX.XX
24.12.XXX.XX
Ect ect.....there are others but most are from 24. whatever....and most are subseven or
TCP OS fingerprint or Netbus.
A few from 164.XX.XXX.XX
Noir Pouvoir
09-06-00, 04:03 AM
WoW @Home subscribers are playing risky business with thier broadband.. Do they really want to go back to Dialup so badly!
24.164.xxx.xxx Sub 7
24.28.xxx.xxx Sub7
24.64.xxx.xxx this guy Used Linux nmap but didn,t know how to ues it properly..This fools running a server and I caught his ass. I sent him e-mails telling him of his efforts he very quickly responded with an apology.. thats all it takes..You shouldn,t probe the unknown there is always someone watchin..Peace out!
downhill
09-08-00, 07:24 AM
I'd have to agree!
It's why NASA blocked @home subscribers from their site a while back. Although I myself have't had problems accessing that site.
Most of mine check out as @home proxys. So they could also be spoofed. http://www.speedguide.net/ubb/biggrin.gif
Noir Pouvoir
09-27-00, 10:30 PM
Add to the list people...Come on
downhill
10-01-00, 09:04 AM
After a little thought, I can see no reason to not post the whole address. hehehe....
At least for those doing sub seven, Black Oriface ect ect.
216.164.224.66......Black Oriface and directed at me only.
161.31.208.xxx....TCP OS fingerprint
164.100.199.x.....Same
192.168.1.xx......Same
63.199.87.148.....Sub Seven
216.244.6.3.......Sub Seven
24.0.177.97.......Sub Seven
Up Up Up^^^^^^^^
Noir Pouvoir
10-01-00, 02:57 PM
If ya want post full adresses,do so! lets get this thing rolling. Maybe someone here will see their address and freak..hehe
If the attacks/probes are spoofed then the onus is on the victim to beef up their security or face the wrath of the mighty ISP.
Blocking incoming connection attempt: src=203.248.230.87, local port 12345.
Blocking incoming connection attempt: src=211.186.209.41, local port 12345.
Both over 32 probes..
Blocking incoming connection attempt: src=194.190.217.95, local port 1243.
Blocking incoming connection attempt: src=194.190.217.95, local port 27374.
8 attempts each,and this hack changed to another port! Wally
Blocking incoming connection attempt: src=24.114.132.221, local port 27374.
16 attempts.
Another @home user who wants to go back to Dialup, I guess it's his or her choice!
Culminated in 2hours.
JANDOENT
10-04-00, 05:46 PM
209.202.197.71:80
" " 196.76:80
" " " .74:80
" " " .73:80
" " " .78:80
" " .197.72:80
" " " .76:80
128.32.246.64:25
Many times in 2 days by these.
vBulletin® v3.7.3, Copyright ©2000-2008, Jelsoft Enterprises Ltd.