|
Home > Archive > General Discussion > May 2002 > Beware these are known hackers IP address ranges.
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Beware these are known hackers IP address ranges.
|
|
| Yeti-GBR1 2002-05-29, 6:18 pm |
| I have been hacked from the following IP address's. I suggest all that read this block these ip's asap. 
RNT INTERNET.COM (NETBLK-QWEST-EWR-INTERNET1) QWEST-EWR-INTERNET1
63.236.73.0 - 63.236.73.255
whois -h whois.arin.net 192.175.48.1
Root Server Technical Operations Assn (NET-ROOTSERV)
950 Charter Street
Redwood City, CA 94063
US
Netname: ROOTSERV
Netblock: 192.175.48.0 - 192.175.48.255
prisoner.iana.org : 192.175.48.1
These have either been spoofed or actual users from these IP addresses are practicing their hacking skills. | |
|
| Sounds kinda spooky.
What were they after, do you know? And how did you detect and block the attempt?
Hippo | |
| secondskin 2002-05-29, 9:55 pm |
| I dont know about the other addresses, but prisoner.iana.org is not someone hacking you..
This is from google
In order to stop rampant paranoia this is the server that is authoritative for all the RFC1918 addresses (10.X.Y.Z, 172.16/12, 192.168.X.Y).
;; AUTHORITY SECTION:
10.in-addr.arpa. 10800 IN SOA prisoner.iana.org. hostmaster.root-servers.org. 2002040800 1800 900 604800 604800
>
You've probably got "Register this connection's addresses in DNS" under Win2K
(or greater) or you've got Win9X and it is doing a lookup for your local
NIC ip address(es). In either case this is your TCP/IP stack requesting
this and you wouldn't want to block that ;-)
In either case you can disable this option under Win2K and add an entry
in your hosts file (any OS) to make this go away.
hope this helps. I had been getting the same problem myself and thought the same as you, untill I did a search on google.
Google.com has to be one of the best places to solve win2000 probs. Always do the search under groups. | |
| Yeti-GBR1 2002-05-30, 6:31 pm |
| Cheers secondskin,
I have got a couple of mates (heavy on Security side) looking into it. looks like I have a Hacker that has breached my ISA server though, and got a hidden login.
Only solution = Flaten my logins/domain and start all over again  |
|
|
|
|