My Hacker...

Okay, this person tried to hack into my machine 7 times today. The IP is: 65.172.201.104

I did a "whois on IP" and got the below, which is really strange...

then a who is just the IP, no web sites hosted? Okay... that is all I can explain because I am not a tech guru. Plus, google TLAM@... is this some nutcase or just a random?

Oh, what is ebaseone?


Using 0 day old cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).


OrgName: Office of the Future
OrgID: OFFICE
Address: 115 River Rd
City: Edgewater
StateProv: NJ
PostalCode: 02020
Country: US
Comment:
RegDate: 1992-09-10
Updated: 1992-09-10

Name: LY THIEN LAM, KEITH
Handle: KL573-ARIN
Company:
Address: TIGER MOUNTAIN TECHNOLOGIES
Address: PO BOX 1574
City: MORTON
StateProv: WA
PostalCode: 98356-1574
Country: US
Comment:
RegDate: 2001-11-26
Updated: 2001-11-26
Phone: +1-281-885-1924 (Office)
Email: TLAM@ebaseone.com


who is this?

i dont' want your thread to locked again b/c a mod doesn't know what you're talking about. please tell us what happened! if you can, edit your post and be more specific. no one knows what you're talking about! lol

is that better? i just use this place to look stuff up:
http://www.dnsstuff.com/

this is what is at 115 River Rd. in Edgewater NJ

Edgewater Pediatrics


Description - Doctors
Address - 115 River Rd # 1003, Edgewater, NJ 07020-1036 Map It
Telephone - (201) 945-9453
Review - Submit first review
Updated 2004-11-06

Doctors, Edgewater
FLJ & M Medical Professional


Description - Doctors
Address - 115 River Rd, Edgewater, NJ 07020-1006 Map It
Telephone - (201) 941-4405
Review - Submit first review
Updated 2004-11-06

is a website designing company? yes, and internet service provider.

http://www.lewiscounty.com/web_design.html

:( :shrug: i don't know what all those things mean as to who exactly is trying to hit your computer.

belongs to a small ISP called Tiger Mountain Technologies - so most probably it is a computer in someone's home connected to that ISP.

That doesn't really mean that someone in WA is trying to "hack into your machine". There are millions upon millions of computers unknowingly hosting various worms/trojans whose blissfully unaware owners don't know that their computer keeps probing thousands of other computers in its "spare time" and, if successful, sends resulting info back to someone who can use it to get in.

I found this interesting resource by doing random chess based logic searches:

http://64.233.161.104/search?q=cache:CZNhq1icad0J:www.w3os.nl/logos/index.php%3Fid%3DC0_4_1+%22office+of+the+future%22+election+2004&hl=en

I cannot understand numbers, but chess... well chess is a language that makes sense, lmao. I am challanged, very:)

a business DSL account.

dnsstuff must have some old information because Office of the Future was an old National Science Foundation project that's long since been disbanded. Look at the Registration and Update dates -- they're both 1992, long before the NSF Arpanet backbone was sold off to become the commercial internet. Here's a more accurate whois lookup...

do you use to run your searches? dns stuff is old? is there something better?

This is really cool and it is all coming out of using this URL with various search strings:

http://politics.technorati.com/

Note to self: Don't read lala_rawraw posts when tired.

lala, I appreciate that you are reeling from a cold or something, but you're providing very little in the way of context, so it's a bit like listening to half of a telephone conversation.

(and yes, technorati is cool. Found DU through it in fact, some months ago. :-) )

I just use the whois command on my server, but http://samspade.org will give you the same information (we both check against the ARIN database).

Tiger Mountain Technologies looks like it is a reseller of Sprint DSL in Lewis County, WA. http://www.lewiscounty.com/services.htm

I agree with the person posting after me, it's probably just a random port scan. Nothing to be too concerned over.

I had all of that pop up on my Norton saying there was an attempted jacking of my computer from that address which turns out to b Sprint I guess in reston, VA but its weird because I have nothing through Sprint, not my phone, not my internet, nothing.

Maybe its all part of an even bigger conspriacy theory.....

I have a Sygate Firewall
Everytime I'm connected, I have Port Scan Attacks,
sometimes 3 or more per session, all get blocked,
but I would like to back trace, usually "Whois" comes back
empty-handed
I do have a real problem
In April, Pest Patrol found "PC Anywhere" installed in my Desktop-

I never installed it

did you just get random port scans, which port were they against, which protocol - HTTP/FTP/ etc? Were the scans run against port numbers higher than 1027? etc etc.

And, no savvy hacker would use a US-based IP unless they were bouncing through the server. They'd have an anon proxy in a country where server log details aren't kept, which had no reciprocal arrangement with US LEA's and so on. Even then their true IP would show up in the server log unless they had a proxy chain.

I looked at the netblock range that IP is off and it's very small, suggesting it's a corporate network. Background traffic methinks.

Any real hacking is done through anonymous proxies and bot-nets (networks of virus infested PCs whose viruses call home (usually to an IRC channel) and put the machine they're on at the hacker's beck and call -- i.e. a zombie).

file sharing? i don't know where to look... is that correct?

window file sharing /system/cvhost.exe

is that what you need?

same destination:

WHOIS results for !NET-65-172-200-0-1
Generated by www.DNSstuff.com
Country: Unknown

Looking up !NET-65-172-200-0-1 at whois.arin.net.

NOTE: More information appears to be available at KL573-ARIN.

Using 0 day old cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).


OrgName: TIGER MOUNTAIN TECHNOLOGIES
OrgID: TMT-5
Address: PO BOX 1574
City: MORTON
StateProv: WA
PostalCode: 98356-1574
Country: US

NetRange: 65.172.200.0 - 65.172.201.255
CIDR: 65.172.200.0/23
NetName: FON-110184243291049
NetHandle: NET-65-172-200-0-1
Parent: NET-65-160-0-0-1
NetType: Reassigned
Comment:
RegDate: 2001-11-26
Updated: 2001-11-26

TechHandle: KL573-ARIN
TechName: LY THIEN LAM, KEITH
TechPhone: +1-281-885-1924
TechEmail: ****@ebaseone.com

# ARIN WHOIS database, last updated 2005-01-27 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Not a clue what this means... am just stupid=me. Sorry:(

Is this a normal "network adapter"? sounds really odd

Details: Protecting your connection to a newly detected network on adapter "WAN (PPP/SLIP) Interface" (?

Svchost.exe is the one to be worried about although there are nasties that can rename to the legit system file to hide their presence.

If you posted clear information I could tell you what was happening, eg you firewall log. But don't post it, especially if you have a static IP.

what does that mean?

sorry for using obscure abbreviations.

that it was not hacked, because blocked? or that means it was hacked? or that means that it is nothing to worry about?

no files stolen or something like that?

Okay, I am going to try to make this not "half a phone call conversation" as much as possible.

Do you guys know "Focus on the Family?" run by Dobson? Its domain name is family.org

They are near impossible to figure out, okay, mabye just for me. I did run a DNS report....and here it is... let me know if you guys see anything strange... especially how the email servers seem to resolve... is it me, or are they resolving to the topic of this thread? In other words, Office Of Future...Let me know if I am not clear... I have a hard time understanding this stuff let alone asking questions about it. I don't mean to be vague, i am just unable to make enough sense out of this enough to ask my questions. My question is, is this a normal DNS report and does the final destination of the mail servers go to Office of Future, but also to a UN site...if I am wrong, please let me know.

http://www.dnsreport.com/tools/dnsreport.ch?domain=family.org

All that happened is that someone with that IP made a connection attempt to your PC. It could have been a real hack attempt, but more than likely it was an accident or something legit. I get dozens of these a day.

My advice: You must be running a firewall, or you would not be able to tell if someone made a connection attempt. So that means that your firewall is doing it's job. So ignore it.

Welcome to the Internet.

thanks... feels like i just started on the Net, but really... I just don't get the whole route thing... plus, my job is to be in expert at what i do and go to you guys, experts and what you do... so thank you my dear expert friend...it is nice to know where to go when one has questions... yes, firewall is up, but odd that it happened on the same day the Clermont story ran (rawstory.com). I swear, i am generally not THIS stupid... I actually play solid chess... but give me an IP or numbers and my brain falls out of head and goes splat. I see patterns in everything, yet I cannot discuss them in numbers:( I am clearly very challanged, lmao:)

thanks so much... i owe you one, or two...:D

Say you're just an everyday person who occasionally digs into stuff, and you wouldn't be too happy to have unknown hackers busting into your computer.

Say you have a basic firewall working.

Say you check to see who's been electronically knocking at your door.

When should you be concerned? How do you know when to be?

If an industrial strength hacker wants to get into your system, how would you stop them? (assuming it's not just an everyday hacker).


That Reston, Virginia address would concern me if you guys hadn't said nah, don't worry -- because the CIA and lots of defense-related stuff is in surburban Virginia just outside of D.C.

You'd just be scaring yourself for no reason if you even bothered to look at them without some technical knowlege.

If you have a NAT/firewall, then you shouldn't see *any* unsolicited connections on your desktop.

If you insist on using IE as your browser, that's you're own damn fault.

Basically try to boil down what you *need* to do versus recreation, and only use your computer for that. Hate to say it, but that's the only way to reduce your risk if you don't have some level of experience. The more bells and whistles you turn on, the worse off you are going to be.

Now, if you are lucky enough to have a friend or relative that can convert you over to Linux and hold your hand until you know your way around, and you are willing to give up a few of the more gratuitous excesses you have been enjoying, then that person can probably get a system running for you that will go most places on the web and do basic desktop productivity. That will keep you relatively safe for a while, until enough people are doing it that the adware people start targeting us, at which point I think we will fare quite well in patching things up really fast, but it will take some effort to keep your machine up to date. Consider that a get out of jail for a few years option.

Or, if you downgrade to really crusty versions of Windows, you'll be immune to most of the crap which is aimed at W2K and over. That is, if your machine hardware isn't so new that the old version of Windows refuses to work.

Or you could go MAC. But they are probably going to get hit before us Linux folks do.