Page 2 of 5 FirstFirst 12345 LastLast
Results 16 to 30 of 66
  1. #16
    Joined
    Jan 2001
    Age
    42
    Posts
    7,987
    Originally posted by vlavigne
    Steve Gibson's site is where I read the article about Windows.XP allowing masking of IP address.

    And again, this is not necessarily good.

    Zone ALarm is supposed to put you in stealth mode so that no one can tell if your on the net. If you are still getting hits, perhaps you have had a trojan/server on your system at some point. Best to do a thorough scan of your system with up-to-date virus scanner. You can also double check with an online scan from, Symantec has a FREE virus and security scan here: http://security1.norton.com/us/intro...=sym&langid=us
    I have found the online scan to be useful as a followup, sometimes it picks up things that another brand might miss.
    No viruses. IP will show up firewall or not also.

  2. #17
    Joined
    Dec 2000
    Posts
    5,051
    Careful Spud, theres a particular piece of equipment called a gateway. Its used to link the NAP points together into a common system.

  3. #18
    Joined
    May 2000
    Posts
    1,646
    ah yes, i stand corrected my good man.
    you and SoulStice always ruin my fun!

  4. #19
    Joined
    Dec 2000
    Posts
    5,051
    Just had enough fun trying to explain to people why there Internet Gateway isn't working. *sigh*

  5. #20
    Joined
    Oct 2000
    Location
    Toronto, Ontario
    Posts
    213
    jaydee116:
    try this website: http://housecall.antivirus.com it is a web based antivirus and it also searches for trojans in your computer. I found 4 hiding in my computer (I have Zone Alarm so they won't actually do anything). Give it a try!

    GO CANADA

  6. #21
    Joined
    Jan 2001
    Age
    42
    Posts
    7,987
    Originally posted by hockeyfan
    jaydee116:
    try this website: http://housecall.antivirus.com it is a web based antivirus and it also searches for trojans in your computer. I found 4 hiding in my computer (I have Zone Alarm so they won't actually do anything). Give it a try!
    I have a good virus scanner, but I ran it anyway and it still came up empty.

  7. #22
    Joined
    Dec 2000
    Posts
    5,051
    Don't be too worried by scans, your isp for instance will perodically scan ports in order to determine if high risks ports are open.

    If they find its open they sometimes monitor the activity from there end to see if there maybe trojan activity or the like.



  8. #23
    Joined
    Dec 2000
    Posts
    5,051
    By the way, the only way you can truely mask ip is to hack ip packets. Not really a fun thing to do.

  9. #24
    Joined
    Jan 2001
    Age
    42
    Posts
    7,987

    Thumbs up

    Originally posted by Bryan
    Don't be too worried by scans, your isp for instance will perodically scan ports in order to determine if high risks ports are open.

    If they find its open they sometimes monitor the activity from there end to see if there maybe trojan activity or the like.


    Yes, I know the IP of my ISP that scans my ports. I get hit by them 3 times in a day once a week. it says "authorized security scan by @home's anti fraud unit" or something like that when I trace it with Zone Alarm. The other 797 was kinda odd though. It seems to have slowed way down though. It is down to 50 hits a day which is ok because I surf a lot before and after work so it is probably just webhosts not logging off correctly and still pinging me??? Something like that.

  10. #25
    Joined
    Jan 2001
    Age
    42
    Posts
    7,987
    Originally posted by Bryan
    By the way, the only way you can truely mask ip is to hack ip packets. Not really a fun thing to do.
    Yeah to hell with that!!! I think I will be ok. Nothing is going wrong. I have switched IP's so the one that was getting hit hard is hooked up to my SETI only comp so no damage will accure if something does happen. It runs ZoneAlarm to.

  11. #26
    Joined
    Oct 2000
    Location
    Toronto, Ontario
    Posts
    213
    Originally posted by jaydee116

    Yes, I know the IP of my ISP that scans my ports. I get hit by them 3 times in a day once a week. it says "authorized security scan by @home's anti fraud unit" or something like that when I trace it with Zone Alarm. The other 797 was kinda odd though. It seems to have slowed way down though. It is down to 50 hits a day which is ok because I surf a lot before and after work so it is probably just webhosts not logging off correctly and still pinging me??? Something like that.
    @home usually scans the ports with the following IP: 24.0.0.203
    the name for the IP is 'authorized-scan1.security.home.net'

    GO CANADA

  12. #27
    Joined
    Jan 2001
    Age
    42
    Posts
    7,987
    Originally posted by hockeyfan


    @home usually scans the ports with the following IP: 24.0.0.203
    the name for the IP is 'authorized-scan1.security.home.net'
    Yes that is it.

    Here is a copy and paste:

    The computer name ("domain name") identified for this IP address is:

    authorized-scan1.security.home.net

    (Note: if you see "DNSName" enclosed in square brackets, instead of a computer name, that means no reverse DNS entry was found for this IP address, and so the domain name could not be identified.)

    Whois Lookup of 24.0.0.203
    The following information was obtained from the "whois" database for the registry with which authorized-scan1.security.home.net is registered. This gives administrative and contact information about authorized-scan1.security.home.net.

    If no domain name was identified, or if it was not possible to determine which registry the IP address is registered under, and for certain foreign domains that are not currently supported, the information below was obtained from the ARIN whois database. In that case, the information is not about the specific computer at 24.0.0.203. The information in that case is administrative and contact information for the "upstream provider" that administers a block of IP addresses, of which 24.0.0.203 is only one.

    Particularly in the case of ARIN database results, the whois information below includes administrative information about a group of IP addresses that are all administered together. They may be administered together because the computers are all owned by the same person or organization, but they may not be. For example, an ISP may administer a large block of IP addresses together, but the ISP doesn't own all, or even most, of the computers on its network.

    Please do not assume the people named in this report are the ones who are responsible for the alert you saw. However, if you are getting repeated alerts from IP addresses in the same IP block, this is a good place to find out who administers the network. If you have identified malicious or highly suspicious activity and have ruled out configuration errors, bugs, and other benign causes, you may wish to contact a network administrator to notify him or her.

    The Data in Network Solutions' WHOIS database is provided by Network
    Solutions for information purposes, and to assist persons in obtaining
    information about or related to a domain name registration record.
    Network Solutions does not guarantee its accuracy. By submitting a
    WHOIS query, you agree that you will use this Data only for lawful
    purposes and that, under no circumstances will you use this Data to:
    (1) allow, enable, or otherwise support the transmission of mass
    unsolicited, commercial advertising or solicitations via e-mail
    (spam); or (2) enable high volume, automated, electronic processes
    that apply to Network Solutions (or its systems). Network Solutions
    reserves the right to modify these terms at any time. By submitting
    this query, you agree to abide by this policy.

    Registrant:
    Home Network (HOME5-DOM)
    425 Broadway St.
    Redwood City, CA 94063
    US

    Domain Name: HOME.NET

    Administrative Contact, Technical Contact:
    DNS Administration (DA24627-OR) abuse@HOME.COM
    @Home Network
    425 Broadway St
    Redwood City , CA 94063
    US
    650-556-5399
    Fax- 650-556-6666
    Billing Contact:
    Du, Trung (TD2157) trung@CORP.HOME.NET
    @Home Network
    425 Broadway Street
    Redwood City, CA 94063-3126
    650-569-5437 (FAX) 650-569-5100

    Record last updated on 15-Mar-2001.
    Record expires on 19-May-2006.
    Record created on 18-May-1995.
    Database last updated on 12-Jun-2001 10:33:00 EDT.

    Domain servers in listed order:

    NS3.HOME.NET 24.0.95.250
    NS4.HOME.NET 24.14.77.13
    NS5.HOME.NET 24.0.95.252
    NS6.HOME.NET 24.14.77.14





    One question though, how often do they scan you???? I have been scanned 12 times on each computer TODAY by them and 3 times each comp yesterday from them? I wonder why they started scanning harder on my PC's?


  13. #28
    Joined
    Jan 2001
    Age
    42
    Posts
    7,987
    Uh Oh!!! I think I did something wrong. I was going through the ZoneAlarm logs and see that @home security is also scanning me with 3 other IP's as well? Did I do something illegal? Why would they be doing this?

    I sent the security and e-mail asking what is up, but I doubt they will respond.

  14. #29
    Joined
    Dec 2000
    Posts
    5,051
    Don't worry, there probably concerned about not getting responses from your ips. Stealthing your ports isn't against there policies.

  15. #30
    Joined
    May 2001
    Location
    New York
    Posts
    688
    Don't know about that.....

    One thing I've personally noticed on my machine, though, is a daily alert in Norton Internet Security that a "Default backdoor subseven Trojan" was blocked.

    I know what a Trojan is, but it seems rather odd that I get hit with one on my PC every day (or 5x or 10x a day).

    I often considered that it was something similar to what you're experiencing.

    Anyone have any comments on that as well?

    Date: 6/13/2001 Time: 8:36:00
    Rule "Default Block Backdoor/SubSeven Trojan" blocked
    Inbound TCP connection
    Local address,service is
    Remote address,service is (24.48.88.212,2149)

    Date: 6/12/2001 Time: 23:42:12
    Rule "Default Block Backdoor/SubSeven Trojan" blocked
    Details:
    Inbound TCP connection
    Local address,service is
    Remote address,service is (66.65.24.214,2411)

    Date: 6/12/2001 Time: 23:37:00
    Rule "Default Block Backdoor/SubSeven Trojan" blocked
    Details:
    Inbound TCP connection
    Local address,service is
    Remote address,service is (172.173.178.54,2948)
    Process name is "N/A"

    Date: 6/12/2001 Time: 23:36:23
    Rule "Default Block Backdoor/SubSeven Trojan" blocked.
    Details:
    Inbound TCP connection
    Local address,service is
    Remote address,service is (63.10.71.92,4152)
    Process name is "N/A"
    And so on and so forth. Multiple remote address IPs.



    Motherboard: Tyan TigerMP Processor: (2x) 1.2 GHz Palominos Heatsink: (2x) Lapped Thermalright SK-6 with Sunon 26cfm fan RAM: 768MB Crucial ECC memory Video Card: Radeon 8500DV Sound Card: Audigy Platinum 5.1 Internal Boot Hard Drive: Seagate Cheetah X15-36LP Hard Drive Two: IBM 75GXP 75-gig Hard Drive Three: Western Digital WD800BB 80-gig Hard Drive Four, Five and Six: Western Digital WD1200JB 120-gig Mobile Rack: (3x) Lian Li RH-600External Hard Drive: Maxtor 80-gig SCSI Adapter: Adaptec 29160 CD-RW: Lite-on 24x CD-RW (Secondary IDE Master) DVD: Toshiba SD-1502 DVD w/PowerDVD (Secondary IDE Slave) NIC: 3Com HomeConnect Operating System: WinXP Professional Speakers: Klipsch ProMedia 4.1 Floppy: Standard Case: Modified Tweakbox Lian Li PC-70 Power Supply: 650W Enermax (via FS/FT for cheap!) UPS: APC SmartUPS 1400VA 950W (via eBay for cheap!) Fans: Currently 6 80mm case fans, four in, two out - Panaflo Monitor: 22" Compaq P1210 (via eBay for cheap!) Firewall: Linkysys Wireless Router/Firewall


    Andrew77777@aol.com
    53 *Positive* eBay refs - 0 neg.
    7 Positive Heatware

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •