Port Hacking from ADSL & other users

sposton

Member
Joined
Jan 30, 2004
Messages
13
To everyone,

I see that my router reports a lot of IP addresses trying to access ports: 137, 6129, 139, 445, 135 to name a few.

Are the people real, or just hackers trying to gain access to other people's PCs? Are there any terms and conditions for these abusive (I feel) users with ADSL?

I get enough spam mail as it is and with the advent of the tools available to do this hacking and spamming.

Steve

Sun, 2002-09-08 14:00:13 - Initialize LCP.
Sun, 2002-09-08 14:00:14 - LCP is allowed to come up.
Sun, 2002-09-08 14:00:16 - PAP authentication success
Sun, 2002-09-08 14:04:38 - Send out NTP request to 200.19.119.69
Sun, 2002-09-08 14:05:40 - Send out NTP request to time-g.netgear.com
Sat, 2004-04-10 09:02:05 - Receive NTP Reply from time-g.netgear.com
Sat, 2004-04-10 08:56:24 - Router start up
Sat, 2004-04-10 09:25:20 - TCP Packet - Source:165.165.75.30,2949 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 09:26:23 - TCP Packet - Source:165.165.75.30,2950 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 09:27:26 - TCP Packet - Source:165.165.75.30,2932 Destination:165.165.121.24,1025 - [DOS]
Sat, 2004-04-10 09:28:29 - TCP Packet - Source:165.165.75.30,2945 Destination:165.165.121.24,445 - [DOS]
Sat, 2004-04-10 09:29:32 - TCP Packet - Source:165.165.75.30,2948 Destination:165.165.121.24,3127 - [DOS]
Sat, 2004-04-10 09:30:35 - TCP Packet - Source:165.165.75.30,2949 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 09:31:38 - TCP Packet - Source:165.165.75.30,2950 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 09:43:19 - TCP Packet - Source:165.165.67.88,2900 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 09:44:22 - TCP Packet - Source:165.165.67.88,2901 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 09:45:25 - TCP Packet - Source:165.165.169.102,1353 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 09:46:28 - TCP Packet - Source:165.165.169.102,1357 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 09:47:31 - TCP Packet - Source:165.165.169.102,1342 Destination:165.165.121.24,1025 - [DOS]
Sat, 2004-04-10 09:48:34 - TCP Packet - Source:165.165.169.102,1343 Destination:165.165.121.24,445 - [DOS]
Sat, 2004-04-10 09:49:37 - TCP Packet - Source:165.165.169.102,1348 Destination:165.165.121.24,3127 - [DOS]
Sat, 2004-04-10 09:50:40 - TCP Packet - Source:165.165.169.102,1353 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 09:51:43 - TCP Packet - Source:165.165.169.102,1357 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 10:23:33 - TCP Packet - Source:165.165.115.17,3490 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 10:24:36 - TCP Packet - Source:165.165.115.17,3539 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 10:25:39 - TCP Packet - Source:165.165.115.17,3187 Destination:165.165.121.24,445 - [DOS]
Sat, 2004-04-10 10:26:42 - TCP Packet - Source:165.165.115.17,3194 Destination:165.165.121.24,3127 - [DOS]
Sat, 2004-04-10 10:27:45 - TCP Packet - Source:165.165.115.17,3490 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 10:28:48 - TCP Packet - Source:165.165.115.17,3539 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 10:34:16 - TCP Packet - Source:165.165.174.234,4628 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 10:35:19 - TCP Packet - Source:165.165.174.234,4631 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 10:36:22 - TCP Packet - Source:165.165.174.234,4619 Destination:165.165.121.24,135 - [DOS]
Sat, 2004-04-10 10:37:25 - TCP Packet - Source:165.165.221.180,2700 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 10:38:29 - TCP Packet - Source:165.165.221.180,4553 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 10:39:32 - TCP Packet - Source:165.165.221.180,4554 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 10:40:35 - TCP Packet - Source:165.165.221.180,4539 Destination:165.165.121.24,445 - [DOS]
Sat, 2004-04-10 10:41:38 - TCP Packet - Source:165.165.221.180,4550 Destination:165.165.121.24,3127 - [DOS]
Sat, 2004-04-10 10:42:41 - TCP Packet - Source:165.165.221.180,4553 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 10:43:44 - TCP Packet - Source:165.165.221.180,4554 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 10:44:47 - TCP Packet - Source:165.165.221.180,4538 Destination:165.165.121.24,1025 - [DOS]
Sat, 2004-04-10 10:45:50 - TCP Packet - Source:165.165.221.180,4534 Destination:165.165.121.24,135 - [DOS]
Sat, 2004-04-10 10:59:22 - TCP Packet - Source:165.165.202.47,2675 Destination:165.165.121.24,3127 - [DOS]
Sat, 2004-04-10 11:01:04 - TCP Packet - Source:165.165.202.47,2678 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 11:02:07 - TCP Packet - Source:165.165.202.47,2679 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 11:03:10 - TCP Packet - Source:165.165.202.47,2672 Destination:165.165.121.24,135 - [DOS]
Sat, 2004-04-10 11:04:13 - TCP Packet - Source:165.165.202.47,2671 Destination:165.165.121.24,2745 - [DOS]
Sat, 2004-04-10 11:24:18 - TCP Packet - Source:165.165.202.47,4244 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 11:25:21 - TCP Packet - Source:165.165.202.47,4247 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 11:26:24 - TCP Packet - Source:165.165.202.47,4240 Destination:165.165.121.24,445 - [DOS]
Sat, 2004-04-10 11:27:27 - TCP Packet - Source:165.165.202.47,4243 Destination:165.165.121.24,3127 - [DOS]
Sat, 2004-04-10 11:28:30 - TCP Packet - Source:165.165.202.47,4244 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 11:29:33 - TCP Packet - Source:165.165.202.47,4237 Destination:165.165.121.24,2745 - [DOS]
Sat, 2004-04-10 11:30:37 - TCP Packet - Source:165.165.67.88,3021 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 11:31:40 - TCP Packet - Source:165.165.67.88,3022 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 11:52:38 - TCP Packet - Source:165.165.77.224,2130 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 11:53:41 - TCP Packet - Source:165.165.77.224,1170 Destination:165.165.121.24,445 - [DOS]
Sat, 2004-04-10 11:54:44 - TCP Packet - Source:165.165.77.224,1393 Destination:165.165.121.24,3127 - [DOS]
Sat, 2004-04-10 11:55:47 - TCP Packet - Source:165.165.77.224,2130 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 11:56:50 - TCP Packet - Source:165.165.77.224,1883 Destination:165.165.121.24,2745 - [DOS]
Sat, 2004-04-10 11:59:25 - TCP Packet - Source:165.165.77.224,2550 Destination:165.165.121.24,1025 - [DOS]
Sat, 2004-04-10 12:01:03 - TCP Packet - Source:165.165.77.224,2818 Destination:165.165.121.24,445 - [DOS]
Sat, 2004-04-10 12:02:06 - TCP Packet - Source:165.165.77.224,4828 Destination:165.165.121.24,3127 - [DOS]
Sat, 2004-04-10 12:14:15 - TCP Packet - Source:165.165.190.49,4832 Destination:165.165.121.24,1025 - [DOS]
Sat, 2004-04-10 12:15:18 - TCP Packet - Source:165.165.190.49,4833 Destination:165.165.121.24,445 - [DOS]
Sat, 2004-04-10 12:16:21 - TCP Packet - Source:165.165.190.49,4836 Destination:165.165.121.24,3127 - [DOS]
Sat, 2004-04-10 12:17:24 - TCP Packet - Source:165.165.77.224,1481 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 12:18:27 - TCP Packet - Source:165.165.77.224,2335 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 12:19:30 - TCP Packet - Source:165.165.77.224,2331 Destination:165.165.121.24,1025 - [DOS]
Sat, 2004-04-10 12:20:33 - TCP Packet - Source:165.165.77.224,2333 Destination:165.165.121.24,445 - [DOS]
Sat, 2004-04-10 12:21:36 - TCP Packet - Source:165.165.77.224,2344 Destination:165.165.121.24,3127 - [DOS]
Sat, 2004-04-10 12:22:39 - TCP Packet - Source:165.165.77.224,1481 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 12:23:43 - TCP Packet - Source:165.165.77.224,2335 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 12:24:46 - TCP Packet - Source:165.165.77.224,1481 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 12:25:49 - TCP Packet - Source:165.165.169.104,1145 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 12:26:52 - TCP Packet - Source:165.165.169.104,1146 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 12:56:37 - TCP Packet - Source:165.165.253.135,2662 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 12:57:40 - TCP Packet - Source:165.165.253.135,2663 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 12:58:43 - TCP Packet - Source:165.165.253.135,2650 Destination:165.165.121.24,445 - [DOS]
Sat, 2004-04-10 12:59:46 - TCP Packet - Source:165.165.253.135,2655 Destination:165.165.121.24,3127 - [DOS]
Sat, 2004-04-10 13:01:03 - TCP Packet - Source:165.165.253.135,2662 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 13:02:06 - TCP Packet - Source:165.165.253.135,2663 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 13:03:09 - TCP Packet - Source:165.165.253.135,2650 Destination:165.165.121.24,445 - [DOS]
Sat, 2004-04-10 13:04:12 - TCP Packet - Source:165.165.253.135,2663 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 13:26:50 - UDP Packet - Source:165.165.166.72,1031 Destination:165.165.121.24,137 - [DOS]
Sat, 2004-04-10 13:27:53 - UDP Packet - Source:165.165.166.72,1037 Destination:165.165.121.24,137 - [DOS]
Sat, 2004-04-10 15:42:30 - TCP Packet - Source:165.165.234.178,3153 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 15:43:33 - TCP Packet - Source:165.165.234.178,3158 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 23:53:16 - Administrator login successful - IP:192.168.0.120
Sat, 2004-04-10 23:59:36 - Administrator login successful - IP:192.168.0.120
Sun, 2004-04-11 00:01:00 - TCP Packet - Source:212.38.84.182,1469 Destination:192.168.0.120,1720 - [myPhone match]
Sun, 2004-04-11 00:03:12 - TCP Packet - Source:212.38.84.182,1470 Destination:192.168.0.120,1720 - [myPhone match]
Sun, 2004-04-11 00:04:20 - TCP Packet - Source:212.38.84.182,1471 Destination:192.168.0.120,1720 - [myPhone match]
Sun, 2004-04-11 00:11:52 - Administrator login successful - IP:192.168.0.120
 

reech

Expert Member
Joined
Aug 19, 2003
Messages
1,141
Don't be so paranoid - these are probably zombie machines trying to infect yours - ports 137 and 135 are common virus-spreading ports.
 

Karnaugh

Banned
Joined
Jul 23, 2003
Messages
1,575
That is just common virus propagation attempts; you should disregard access to ports 135, 137, 139 and 445.

Code:
Rule       Packets   Bytes  Description
30000      10046     739596 deny ip from any to any dst-port 135,137,139,445


- Colin Alston
colin at alston dot za dot org

"Warning: Use with extreme caution."
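
Added example, not part of any post in this thread: a Python script that parses packet lines in the format of the router log from the first post, groups the `[DOS]`-tagged packets by source address, and flags sources that touched several destination ports, noting which of them are the ports the replies above name (135, 137, 139, 445). The sample lines are copied from that log; the function names and the three-port sweep threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Ports the replies in this thread call out as common virus-spreading ports.
THREAD_PORTS = {135, 137, 139, 445}

# Matches the router's packet lines; other lines (logins, NTP) are skipped.
LINE_RE = re.compile(
    r"- (TCP|UDP) Packet - Source:([\d.]+),(\d+) "
    r"Destination:([\d.]+),(\d+) - \[([^\]]+)\]$"
)

# Lines copied from the router log in the first post.
SAMPLE_LOG = """\
Sat, 2004-04-10 10:34:16 - TCP Packet - Source:165.165.174.234,4628 Destination:165.165.121.24,6129 - [DOS]
Sat, 2004-04-10 10:35:19 - TCP Packet - Source:165.165.174.234,4631 Destination:165.165.121.24,139 - [DOS]
Sat, 2004-04-10 10:36:22 - TCP Packet - Source:165.165.174.234,4619 Destination:165.165.121.24,135 - [DOS]
Sat, 2004-04-10 13:26:50 - UDP Packet - Source:165.165.166.72,1031 Destination:165.165.121.24,137 - [DOS]
Sat, 2004-04-10 13:27:53 - UDP Packet - Source:165.165.166.72,1037 Destination:165.165.121.24,137 - [DOS]
Sat, 2004-04-10 23:53:16 - Administrator login successful - IP:192.168.0.120
Sun, 2004-04-11 00:01:00 - TCP Packet - Source:212.38.84.182,1469 Destination:192.168.0.120,1720 - [myPhone match]
"""

def parse(log_text):
    """Return one dict per packet line; non-packet lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if m:
            proto, src, _sport, dst, dport, tag = m.groups()
            events.append({"proto": proto, "src": src, "dst": dst,
                           "dport": int(dport), "tag": tag})
    return events

def summarize(events, tag="DOS", sweep_threshold=3):
    """Group packets carrying `tag` by source and flag multi-port sweeps."""
    ports, hits = defaultdict(set), defaultdict(int)
    for e in events:
        if e["tag"] == tag:
            ports[e["src"]].add(e["dport"])
            hits[e["src"]] += 1
    return {src: {"hits": hits[src], "ports": sorted(p),
                  "thread_ports": sorted(p & THREAD_PORTS),
                  "sweep": len(p) >= sweep_threshold}
            for src, p in ports.items()}

if __name__ == "__main__":
    for src, info in summarize(parse(SAMPLE_LOG)).items():
        print(src, info)
```
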
 

BTTB

Executive Member
Joined
Feb 6, 2004
Messages
8,195
The Dynamic IP assignment by Telkom, we all know, was implemented to prevent a migration of the leased line customers, so that they can't host their own websites or mail servers. Their motive is to keep their business clientele intact and that's all.
Telkom speculates that it is done to protect us from malicious hackers etc., locking on to a Fixed IP Assignment. This is complete and utter nonsense on their behalf. A hacker can log onto a dynamic IP just as easily. He just has a shorter window period to deliver his load. 24 hours is time enough for anyone wanting to send malicious code to any machine.

In actual fact this Dynamic IP Assignment has a whip in the tail. You are now exposed to someone else's last IP and all the TCP Packets you are now experiencing. A fixed IP and a Secure Server has the ability to stop all unwanted incoming requests in its tracks.

One other thing with the dynamic IP assignment I noticed the other night. At exactly 12.08am my 3 downloads were cut off completely. About 200Megs was wasted as I had to restart the download. Over and above the fact that I lost 200Megs, I wonder if the person who had my last IP isn't being charged for the rest of my download that was interrupted? Anyone answer this?

You can take Telkom out of the Post Office but you can't take the Post Office out of Telkom.
 

Andre

Expert Member
Joined
Aug 12, 2003
Messages
1,121
Use a download manager.

Here's one:
http://www.getright.com
 

BTTB

Executive Member
Joined
Feb 6, 2004
Messages
8,195
Hi Andre.

Yes thanks mate.

Who would have thought that you would need a Download Manager with ADSL. Supposed to be so faaaaaaast... %#^%#&%

 

grubman

Well-Known Member
Joined
Jul 26, 2003
Messages
121
Another point to ponder wrt fixed IPs ... the "infected" machines are more easily identified and corrective measures can be taken, e.g. we notify abuse@saix and saix looks up who the IP belongs to and informs the owners of the machine to fix it up.

OK, so I'm living in a dream world, so sue me.
 