914World.com _ 914World Garage _ OT - Firewall explanations needed

Posted by: cooltimes Aug 18 2004, 09:32 AM

Non 914:
Can anyone tell me in dummy language (simple and understandable) what this below means?

Blocked incoming TCP
Blocked outgoing TCP
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 211.232.56.200 (port 3148). The template rule in effect for this traffic was "Unknown traffic"


I am especially interested in how to look up numbers such as the 211.232.56.200 (port 3148) and identify where they originate. The number shown is just an example of many other numbers the firewall reports.
My firewall shows this often as well as SYN attack blocked.
Thanks.

Cooley

Posted by: Part Pricer Aug 18 2004, 10:09 AM

You got probed.

Here's the info:

211.232.56.200 = [ 211-232-56-200.intertns.com ] (www.nic.or.kr) Whois
query: 211.232.56.200
ENGLISH
KRNIC is not a ISP but a National Internet Registry similar to APNIC.
The IPv4 address is allocated and still held by the following ISP or
its Whois information is not updated after assigned to end-users.
Please see the following ISP contacts for further information
or network abuse.
[ ISP Organization Information ]
Org Name : INTERTNS
Service Name : JLAN
Org Address : 281-3 Hyoja1-Dong Wansan-Ku Chonju city
[ ISP IP Admin Contact Information ]
Name : Hyun-sung Lee
Phone : 82-63-224-6774
Fax : 82-63-227-1126
E-Mail : adasu@intertns.com
[ ISP IP Tech Contact Information ]
Name : Geun-Soo Kim
Phone : 82-63-224-6774
Fax : 82-63-227-1126
E-mail : ip@intertns.com
[ ISP Network Abuse Contact Information ]
Name : Geun-Soo Kim
Phone : 82-63-224-6774
Fax : 82-63-227-1126
E-mail : help@intertns.com
- KRNIC Whois Service -


You can go to samspade.org for online tools to lookup IP addresses.
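Added example, not part of the original posts: a short Python sketch that pulls the remote address and port out of an alert worded like the one quoted above, checks that the address is a public one worth looking up, and reads the organisation and abuse mailbox out of a KRNIC-style Whois reply. The function names are assumptions made for this illustration; the alert and Whois text are excerpts of what the thread quotes.

```python
import ipaddress
import re

ALERT_RE = re.compile(
    r"blocked an (?P<direction>incoming|outgoing) (?P<proto>TCP|UDP) packet\. "
    r"The remote address associated with the traffic was "
    r"(?P<ip>[0-9.]+) \(port (?P<port>\d+)\)")
# Alert text with the values quoted in the thread.
ALERT = ("McAfee Firewall blocked an incoming TCP packet. The remote address "
         "associated with the traffic was 211.232.56.200 (port 3148).")
# Excerpt of the KRNIC reply quoted in the thread.
WHOIS = """[ ISP Organization Information ]
Org Name : INTERTNS
[ ISP Network Abuse Contact Information ]
E-mail : help@intertns.com"""

def parse_alert(text):
    """Return direction, protocol, address and port, or None if malformed."""
    m = ALERT_RE.search(text)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:  # digits and dots that do not form a valid address
        return None
    return {"direction": m["direction"], "proto": m["proto"], "ip": str(ip),
            "port": int(m["port"]), "public": ip.is_global}

def parse_whois(text):
    """Split a KRNIC-style reply into {section: {field: value}}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        head = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if head:
            current = sections.setdefault(head.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            # Lower-case keys: the reply spells both "E-Mail" and "E-mail".
            current[key.strip().lower()] = value.strip()
    return sections

def origin(sections):
    """Return (organisation, abuse e-mail) from a parsed reply; None if absent."""
    org = sections.get("ISP Organization Information", {}).get("org name")
    abuse = next((f.get("e-mail") for name, f in sections.items()
                  if "abuse" in name.lower()), None)
    return org, abuse
```

Addresses flagged as not public (home-network ranges such as 192.168.x.x) have no Whois owner to report to, so only the public ones are worth a lookup.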

Posted by: cooltimes Aug 18 2004, 10:39 AM

Thanks. The explanation was superb. Simple is easy to understand. I copied and pasted your reply as a permanent file in my VIP files.
Advice: Lots of old farts like me should do the same.

Why do they want to probe a person's computer? What do they hope to find? Any idea?

I don't do porn since I live in the real world of man/woman relations, not perverted in any sense but lots of time using a search engine will always muster up one of those slim sites that won't let you back out or close the link.

Posted by: Part Pricer Aug 18 2004, 10:49 AM

QUOTE(cooltimes @ Aug 18 2004, 11:39 AM)
Why do they want to probe a person's computer? What do they hope to find? Any idea?


You get probed because they are looking for vulnerabilities. They are looking for openings that may let them take over control of your computer. I live in this online underworld every day and you might be surprised how rampant this is.

I was reading a report this morning that estimates that there are over 3 million PCs in the U.S. that are under someone else's control.

They want to place a bot on your machine and turn it into a zombie. Usually, these PCs can be set into action via a simple IRC command. The most common use of this is to launch distributed Denial of Service attacks.

Posted by: davep Aug 18 2004, 10:54 AM

As to why you were probed, I would say that the attacker probes random or sequential addresses looking for vulnerable computers. If the computer is vulnerable, then a program is installed allowing the attacker to use your computer as he would use his own. Why? To host or store porn or possibly to be used to attack other computers.

Without a firewall your computer is a sitting duck. With Windows 2000 on up you can be attacked and compromised just by logging onto the internet. If you have just added a firewall, then update your virus definitions and do a full scan. Then use AdAware and Spybot S&D to scan for other infections. Sometimes your only course of action is to wipe and reinstall. But be sure to install the firewall before you connect to the internet the first time.

DaveP

Posted by: cooltimes Aug 18 2004, 03:29 PM

Found this address for the free, but several years old, Sam Spade software that will find those IP long numbers sleazebags probing our computers. Use gently as some of those returned probing efforts by you of those IP numbers are often offended and may add you to a blacklist.

http://samspade.org/ssw/download.html

I am beginning to think that computers are not just passing time instruments, game and email toys anymore.

Posted by: davep Aug 18 2004, 03:58 PM

QUOTE(cooltimes @ Aug 18 2004, 01:29 PM)
I am beginning to think that computers are not just passing time instruments, game and email toys anymore.

No, they are tools to be supplied by the unwary to the unscrupulous to be used to inflict misery on the masses.

JMHO

Posted by: cooltimes Aug 18 2004, 05:11 PM

Truer than it sounds.
Musing since the thread subject is not 914 and winding down:

This BBS, Forum or whatever anyone wants to call it has a place for everybody and the subjects we can come up with. Nice. Thanks 914World.com, Brad and all the helping administrators that make it so.

Used to be... there were shooters that just waited in 914 cyberspace to shoot at written email if we didn't aim our fingers to the right keys on our keyboard and talked off subject. I am not referring to the list master on Rennlist. He ran a good track as far as I am concerned. Besides that, he's my friend. Only to those who tried to police the messages.
Here, if you got something to say you say it and screw the shooters.

Thanks for the help to my query. I appreciate the knowledge you furnished.
