Repeated attempts to gain access to my comp

[wujan]

I installed linux fedora and thousands of people were hacking my ssh port!

Annoying - after i did some research i found i did not have to worry much if i have strong passwords.

[lokgiordan40]

hi, i'm running a software to control the traffic on my computer called
netkeeper 3.10 and i found the same problems


there are many attacker and i think they disguise their identity as organizations of sort, my
conclusion is that is also possible that are real organization since they actually get into our
computer very easely.
now i'm here to post what i found ( it would be smarter if was possible to post screen shots of
my program




Local Information:
Address: 192.168.0.2
Port: 138


Remote Information:
Address: 192.168.0.255
Port: 138 (netbiosdgm, NETBIOS Datagram Service)
Orgnization: Internet Assigned Numbers Authority
Net Range: 192.168.0.0 - 192.168.255.255
Address: 4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6695
Country: United States
Comment: This block is reserved for special purposes.
Please see RFC 1918 for additional information.
http://www.arin.net/reference/rfc/rfc1918.txt

Admin Contact:
Name: Internet Corporation for Assigned Names and Number
Phone: +1-310-301-5820
E-mail: abuse@iana.org

Tech Contact:
Name: Internet Corporation for Assigned Names and Number
Phone: +1-310-301-5820
E-mail: abuse@iana.org

Other Contacts:




-----------------------

Local Information:
Address: localhost
Port: 2280


Remote Information:
Address: 195.200.84.5
Port: 7024
Orgnization: Euroaccess USA
Net Range: 195.200.84.0 - 195.200.85.255
Country: United States

Admin Contact:
Name: EuroAccess Network Operations
Address: Alsacelaan 5
5627 CA Eindhoven
The Netherlands
Phone: +31 (0)20-7173209
Fax-no: +31 (0)40-2488764
E-mail: info@euroaccess.nl
Comment: ---------------------------------------------
! EuroAccess Enterprises Ltd. !
! providing bandwidth and hosting solutions !
---------------------------------------------
! ABUSE COMPLAINTS TO: !
! abuse@euroaccess.nl !
! E-MAILS SENT TO OTHER ADDRESSES !
! WILL BE IGNORED !
---------------------------------------------

Tech Contact:
Other Contacts:


----------------------------------------





Local Information:
Address: localhost
Port: 2282


Remote Information:
Address: 195.222.17.35
Port: 7024
Orgnization: Kaspersky Lab ZAO
Geroev Panfilovtsev 10
125363 Moccow
Net Range: 195.222.17.32 - 195.222.17.63
Country: Estonia

Admin Contact:
Name: Sergey Fomin
Address: System Administrator /Kaspersky Lab Ltd
10, Geroyev Panfilovtsev Str.,
123363, Moscow, Russia
Phone: +7 495 797 87 00
+7 495 797 87 07
Fax-no: +7 495 797 87 00
E-mail:

Tech Contact:
Other Contacts:




-------------------------------------




Local Information:
Address: 192.168.0.2
Port: 137


Remote Information:
Address: 85.12.57.87
Port: 137 (netbiosns, NETBIOS Name Service nbns)
Orgnization: Euroaccess
Net Range: 85.12.0.0 - 85.12.63.255
Country: Netherlands

Admin Contact:
Name: EuroAccess Network Operations
Address: Alsacelaan 5
5627 CA Eindhoven
The Netherlands
Phone: +31 (0)20-7173209
Fax-no: +31 (0)40-2488764
E-mail: info@euroaccess.nl
Comment: ---------------------------------------------
! EuroAccess Enterprises Ltd. !
! providing bandwidth and hosting solutions !
---------------------------------------------
! ABUSE COMPLAINTS TO: !
! abuse@euroaccess.nl !
! E-MAILS SENT TO OTHER ADDRESSES !
! WILL BE IGNORED !
---------------------------------------------

Tech Contact:
Other Contacts:


















-----------------------------------------------






i today copied and pasted the DNS of this address on google and found a russian furum talking about this



host-12.LabKasperDTC.212.5.89.0.0xffffff00.macomnet.net


Address: localhost

Port: 1133

address : 212.5.89.12

DNA name: host-12.LabKasperDTC.212.5.89.0.0xffffff00.macomnet.net

Port: 7022



Organization: kaspersky Lab



Net Range: 212.5.89.0 - 212.5.89.255

country: Russian Federation



Admin Contact:



Name : sergey Formin



Address: System Administrator /kaspersky lab ltd 10, geroyev panfilovtsev Str.,

123363, moscow, russia



phone +7 495 797 87 00

fax-no : +7 495 797 87 00






this is my contribute, anyone ideas to block this hackers?

[JustWrong]

Hello,

I'm having this same problem, and have been for some time. I went in to my router to block the address it attaches with, IP and MAC addresses banned...Next thing I know, I can't sign back in to my router. WTF?

3676 Admiralty Way Suite 330 ? As it happens, I live less than a mile from that address. Maybe I'll go pay "Bill" a visit.

If I disappear from the face of the planet . . . Well . . . I won't do it without a fight . . . So somebody check back with me, and if I don't reply . . . Send the authorities.

Never know with Russians involved (Or Americans?)

[JustWrong]

Hello troubled internet users,

This is an update a few minutes after my original post. The address is actually within MY OWN BANK BUILDING. The bank is now Chase Bank (Formerly Washington Mutual). Who knows about the stuff upstairs though.

I don't know, but I'm going to find out. Me and 3 of my biggest Samoan friends, that is. One of them is nicnamed Sequoia, and he's the smallest of the three (Diamond Head, and Dusty are the other two {dusty stands for dust storm...ever seen the size of a dust storm}). I can't wait to go there.
=)

What are the chances THE CABLE COMPANY IS RESPONSIBLE? TIME WARNER CABLE COMPANY has everything to gain from jackin' up connections here in town. I'm going to have to put all my service in their hands and buy a couple new computers it sounds like????????????

[spu001]

I got hit by the same outfit today. Google maps shows the location to be ICANN ( http://www.icann.org/ ) You know, he ones that assign all of the internet addresses. Hence, i assume its a spoof addy. Other than that, they can have at my pc, that way anything else I do bad can be blamed on them...

Who put all of these mp3's on my computer???

[chinta]

Hi folks noticed that i am also being pestered by the guys at 4676 ADMIRALTY WAY. I live in Scotland in the UK and am amazed this seems to be happening all over the world. How can this be allowed to happen. Does anyone know the phone number of these clowns so i can give them a real ear bashing. Is there anything you can do to stop this happening???

[CloudKill9]

I'm just curious, but out of everybody who has had this problem..who here uses Hamachi or any similar service like a VPN?

[momof4]

Hi...new to this forum ..hope u are still out there!I have had a credit card compromised w/ 2 fraud charges so far. I have cancelled the card but am so angry that I have been doing some investigating. The crook opened up a Paypal acct. with my card # and gave an email address which I have tracked to a server located at the 4676 Amiralty #330 address....Can someone explain to me: does this mean that "they" have actually used a computer in that office to send emails???? or is the "server address" just an IP address that originates from this location? I am not so tech savvy...any ideas???

[DebtEnd]

My business website is being hacked. Important e-mails are stolen and the site gets no visitors. My ip has been blacklisted as a result, my e-mails spoofed with bouncebacks. When I run my ip on BlacklistAlert I get the following: WARNING: No Reverse-DNS (PTR) is assigned to my IP. Please request your Admin or Provider to fix this What can I do? This is what I received to my business e-mail.

Here's what I see on my Stats page. This is very troubling, as I am losing business. Any help for the following would be appreciated. Thanks.

Urchin Whois Service: 172.17.8.61

[Querying whois.arin.net]
[whois.arin.net]

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 172.16.0.0 - 172.31.255.255
CIDR: 172.16.0.0/12
NetName: PRIVATE-ADDRESS-BBLK-RFC1918-IANA-RESERVED
NetHandle: NET-172-16-0-0-1
Parent: NET-172-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is used as private address space.
Comment: Addresses from this block can be used by
Comment: anyone without any need to coordinate with
Comment: IANA or an Internet registry. Addresses from
Comment: this block are used in multiple, separately
Comment: operated networks.
Comment: This block was assigned by the IETF in the
Comment: Best Current Practice document, RFC 1918
Comment: which can be found at:
Comment: http://www.rfc-editor.org/rfc/rfc1918.txt
RegDate: 1994-03-15
Updated: 2010-03-15

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org

# ARIN WHOIS database, last updated 2010-04-23 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html

[YeOldeStonecat]

My business website is being hacked. Important e-mails are stolen and the site gets no visitors. My ip has been blacklisted as a result, my e-mails spoofed with bouncebacks. When I run my ip on BlacklistAlert I get the following: WARNING: No Reverse-DNS (PTR) is assigned to my IP. Please request your Admin or Provider to fix this What can I do? This is what I received to my business e-mail.
]

This really needs a new thread.
First...whoever designed your website, I'd have them review it again, security wise, and I'd have them consider having it hosted at a better webhost.

Second...what is your e-mail setup? Do you host your own e-mail server? Or do you just do POP3? I'm going to guess you have your own mail server on your business network, as you're getting the RevDNS mentioned above. Or, maybe without your knowledge, there's a bot SMTP engine on your network.

[yomha]

I know this is an old thread, but after searching the internet for the address 4676 Admiralty Way, Suite 330 I came up with this thread.

These guys must be hackers.. they may or may not be at that address... more than likely that are spoofing that address.

They hacked my computer, grabbed a bunch of pictures off of it and posted them to the internet. You must assume that have total control of your PC.

[Pettos]

Hi all,

Now, this topic has started up again and is XX amount years old.

My suggestion to you all, if you don't have a firewall - Get one. If you do not have anti-virus software. Get some.

Please refer to this thread here for useful antivirus software.
--This thread is old, so some software may no longer be available for free--

From my experience, it pays to get secure. My Steam gaming account got hacked by the well known [myg0t] clan of hacking gamers. In result I was banned off multiple gaming servers.

I got secure after this. I found a keylogging virus on my computer. I was lucky, as I use internet banking, and was working for myself around the same time. They could have got much worse than my gaming account.

I use Avast! and Spybot S&D resident (this allows to see what software is changing anything in your registry. So if something something is to change, then it goes through me first. I am also on a network which has a firewall

They can keep knocking at the door all they want, but if you've got a firewall, and take every precaution to keep yourself safe, then they're not gonna get anywhere, and if they do, it'll take them some time to get in.... Now, it probably would no longer be worth their time trying to get into your computer when they can go to the millions of other unsecured computers online.

I didn't like it when I was told this; 'Learn to get secure, or unplug' ... I learnt the hard way. I would suggest that anyone who has had this occurring on their computers to immediately get a firewall, and to perform a full system scan, and to change all their passwords once the scans are complete

[acorn69]

Had the same problem but dont think its hackers,i could be wrong but i did find this name and address so it just seems like normal internet traffic.

Steve Sheng
Internet Corporation for Assigned Names and Numbers
4676 Admiralty Way, Suite 330
Marina del Rey, CA , 90292
United States of America
Phone: +1.310.823.9358
EMail: steve.sheng@icann.org