Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Been Attack 3 Times Tonight


  • Please log in to reply
9 replies to this topic

#1 mohmama3

mohmama3

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 25 January 2008 - 09:19 PM

I have been attacked 3 times tonight by the same computer IP address: 67.228.126.231 : 58619. The trojans are as follows:
RASMIN TROJAN HORSE
SPYSENDER TROJAN HORSE
BACKDOOR/SUBSEVEN TROJAN HORSE

My question is: Is there a place you can report the IP address to and would it do any good?

Make that 1825 times.

Traced it to Seattle, Wa. Host name: newlooknew.com (which isn't valid). I talked to my internet provider and they said they couldn't do anything unless they carried them.

Tracing route to 67.228.126.231
Hop Time Host IP Location
1 9.645 wsip-70-183-59-1.oc.oc.cox.net 70.183.59.1 Irvine, CA, United States
2 10.195 68.4.15.9 68.4.15.9 Irvine, CA, United States
3 10.607 ip68-4-14-125.oc.oc.cox.net 68.4.14.125 Irvine, CA, United States
4 9.08 rsmtdsrj02-ge600.0.rd.oc.cox.net 68.4.14.213 Irvine, CA, United States
5 11.575 68.1.0.107 68.1.0.107 Fort Walton Beach, FL, United States
6 52.026 cr2-cr1.lax009.internap.net 66.79.146.206 Atlanta, GA, United States
7 48.704 cr1.sea002.inappnet.cr2.lax009.internap.net 66.79.146.225 Atlanta, GA, United States
8 53.302 core6.inappnet-497.sef.internap.net 66.79.144.38 Atlanta, GA, United States
9 46.809 border2.t8-1-bbnet2.sef003.pnap.net 63.251.160.86 Seattle, WA, United States
10 49.534 softlayer-7.border2.sef003.pnap.net 63.251.162.78 Seattle, WA, United States
11 47.923 po02.fcr01.sea01.seattle-datacenter.com 67.228.118.138 , ,


Host name: newlooknew.com

Edited by mohmama3, 26 January 2008 - 12:46 PM.


BC AdBot (Login to Remove)

 


#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:10:12 AM

Posted 26 January 2008 - 12:43 PM

What application is alerting you to the attack? Is this E-mail related?
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:12 PM

Posted 26 January 2008 - 05:24 PM

The computer IP address: 67.228.126.231
is linked to:
OrgName: SoftLayer Technologies Inc.
OrgID: SOFTL
Address: 1950 N Stemmons Freeway
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

ReferralServer: rwhois://rwhois.softlayer.com:4321

Do you know these people?

BBPP6nz.png


#4 mohmama3

mohmama3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 26 January 2008 - 08:36 PM

No I don't know them and it isn't email related. It is attacking my computer even if I am not in my email or on a website. 3690 attacks with various trojans since last night.

Edited by mohmama3, 26 January 2008 - 08:38 PM.


#5 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:12 PM

Posted 26 January 2008 - 08:44 PM

It could be an attack or false posotives, What program is telling you this information?
Regards,

Alan.

#6 mohmama3

mohmama3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 26 January 2008 - 09:28 PM

I am getting an alert from my symantec firewall.

This is just a sample of my log:




communications. Details:
Inbound TCP connection
Remote address,service is (67.228.126.231,58619)
Process name is "N/A"
1/26/2008 20:40:51 Supervisor Trojan attempt detected from address

67.228.126.231 by rule "Default Block ShockRave Trojan horse".
Blocked further access for 30 minutes.
1/26/2008 20:40:47 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1980)
1/26/2008 20:40:42 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1979)
1/26/2008 20:40:38 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1978)
1/26/2008 20:40:33 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1977)
1/26/2008 20:40:29 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1976)
1/26/2008 20:40:25 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1975)
1/26/2008 20:40:20 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1974)
1/26/2008 20:40:16 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1973)
1/26/2008 20:40:12 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1972)
1/26/2008 20:40:07 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1971)
1/26/2008 20:40:03 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1970)
1/26/2008 20:39:59 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1969)
1/26/2008 20:39:54 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1968)
1/26/2008 20:39:50 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1967)
1/26/2008 20:39:45 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1966)
1/26/2008 20:39:41 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1965)
1/26/2008 20:39:37 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1964)
1/26/2008 20:39:32 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1963)
1/26/2008 20:39:28 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1962)
1/26/2008 20:39:24 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1961)
1/26/2008 20:39:19 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1960)
1/26/2008 20:39:15 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1959)
1/26/2008 20:39:10 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1958)
1/26/2008 20:39:06 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1957)
1/26/2008 20:39:02 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1956)
1/26/2008 20:38:57 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1955)
1/26/2008 20:38:53 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1954)
1/26/2008 20:38:49 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1953)
1/26/2008 20:38:44 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1952)
1/26/2008 20:38:40 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1951)
1/26/2008 20:38:36 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1950)
1/26/2008 20:38:31 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1949)
1/26/2008 20:38:27 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1948)
1/26/2008 20:38:22 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1947)
1/26/2008 20:38:17 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1946)
1/26/2008 20:38:13 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1945)
1/26/2008 20:38:08 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1944)
1/26/2008 20:38:04 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1943)
1/26/2008 20:38:00 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1942)
1/26/2008 20:37:55 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1941)
1/26/2008 20:37:51 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1940)
1/26/2008 20:37:46 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1939)
1/26/2008 20:37:42 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1938)
1/26/2008 20:37:38 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1937)
1/26/2008 20:37:33 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1936)
1/26/2008 20:37:29 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1935)
1/26/2008 20:37:25 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1934)
1/26/2008 20:37:20 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1933)
1/26/2008 20:37:16 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1932)
1/26/2008 20:37:12 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1931)
1/26/2008 20:37:07 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1930)
1/26/2008 20:37:03 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1929)
1/26/2008 20:36:58 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1928)
1/26/2008 20:36:54 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1927)
1/26/2008 20:36:50 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1926)
1/26/2008 20:36:45 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1925)
1/26/2008 20:36:41 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1924)
1/26/2008 20:36:37 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1923)
1/26/2008 20:36:32 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1922)
1/26/2008 20:36:28 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1921)
1/26/2008 20:36:23 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1920)
1/26/2008 20:36:19 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1919)
1/26/2008 20:36:15 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1918)
1/26/2008 20:36:10 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1917)
1/26/2008 20:36:06 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1916)
1/26/2008 20:36:02 Supervisor An instance of "C:\Program

Files\Internet Explorer\iexplore.exe" is preparing to access the

Internet for the first time
1/26/2008 20:36:02 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1915)
1/26/2008 20:35:57 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1914)
1/26/2008 20:35:53 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1913)
1/26/2008 20:35:48 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1912)
1/26/2008 20:35:44 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1911)
1/26/2008 20:35:40 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1910)
1/26/2008 20:35:35 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1909)
1/26/2008 20:35:27 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1907)
1/26/2008 20:35:21 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1906)
1/26/2008 20:35:17 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1905)
1/26/2008 20:35:13 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1904)
1/26/2008 20:35:08 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1903)
1/26/2008 20:35:04 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1902)
1/26/2008 20:34:59 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1901)
1/26/2008 20:34:55 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,ssdp(1900))
1/26/2008 20:34:51 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1899)
1/26/2008 20:34:46 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1898)
1/26/2008 20:34:42 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1897)
1/26/2008 20:34:38 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1896)
1/26/2008 20:31:41 Supervisor An instance of "C:\Program

Files\Internet Explorer\iexplore.exe" is preparing to access the

Internet for the first time
1/26/2008 20:26:39 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (218.63.236.143,7212)
1/26/2008 20:05:47 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (24.226.220.75,2968)
1/26/2008 20:05:41 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (24.226.220.75,2968)
1/26/2008 20:04:33 Supervisor Rule "Default Block FTP99CMP Trojan

horse" blocked Details:
Inbound TCP connection
Remote address,service is (67.228.126.231,58619)
Process name is "N/A"
1/26/2008 20:04:33 Supervisor Trojan attempt detected from address

67.228.126.231 by rule "Default Block FTP99CMP Trojan horse".
Blocked further access for 30 minutes.
1/26/2008 20:04:29 Supervisor Unused port blocking has blocked


communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1443)
1/26/2008 20:00:54 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1442)
1/26/2008 20:00:50 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1441)
1/26/2008 20:00:45 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1440)
1/26/2008 20:00:41 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1439)
1/26/2008 20:00:37 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1438)
1/26/2008 20:00:32 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1437)
1/26/2008 20:00:28 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1436)
1/26/2008 20:00:23 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1435)
1/26/2008 20:00:19 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,ms-sql-m(1434))
1/26/2008 20:00:15 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,ms-sql-s(1433))
1/26/2008 20:00:10 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1432)
1/26/2008 20:00:06 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1431)
1/26/2008 20:00:02 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1430)
1/26/2008 19:59:57 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1429)
1/26/2008 19:59:53 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1428)
1/26/2008 19:59:48 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1427)
1/26/2008 19:59:44 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1426)
1/26/2008 19:59:40 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1425)
1/26/2008 19:59:35 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1424)
1/26/2008 19:59:31 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1423)
1/26/2008 19:59:26 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1422)
1/26/2008 19:59:21 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1421)
1/26/2008 19:59:17 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1420)
1/26/2008 19:59:13 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1419)
1/26/2008 19:59:08 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1418)
1/26/2008 19:59:04 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1417)
1/26/2008 19:58:59 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1416)
1/26/2008 19:58:55 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1415)
1/26/2008 19:58:51 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1414)
1/26/2008 19:58:46 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1413)
1/26/2008 19:58:42 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1412)
1/26/2008 19:58:38 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1411)
1/26/2008 19:58:33 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1410)
1/26/2008 19:58:29 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1409)
1/26/2008 19:58:24 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1408)
1/26/2008 19:58:20 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1407)
1/26/2008 19:58:16 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1406)
1/26/2008 19:58:11 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1405)
1/26/2008 19:58:07 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1404)
1/26/2008 19:58:03 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1403)
1/26/2008 19:57:58 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1402)
1/26/2008 19:57:54 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,1401)
1/26/2008 19:36:53 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (24.182.97.251,2967)
1/26/2008 19:27:52 Supervisor Rule "Default Block DeepThroat Trojan

horse" blocked Details:
Inbound TCP connection

Remote address,service is (67.228.126.231,58619)
Process name is "N/A"
1/26/2008 19:27:52 Supervisor Trojan attempt detected from address

67.228.126.231 by rule "Default Block DeepThroat Trojan horse".
Blocked further access for 30 minutes.
1/26/2008 19:27:48 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,998)
1/26/2008 19:27:44 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,997)
1/26/2008 19:27:38 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,996)
1/26/2008 19:27:34 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,995)
1/26/2008 19:27:29 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,ircs(994))
1/26/2008 19:27:28 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (218.3.134.250,8000)
1/26/2008 19:27:25 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,993)
1/26/2008 19:27:21 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,992)
1/26/2008 19:27:16 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,991)
1/26/2008 19:27:12 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,990)
1/26/2008 19:27:08 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,989)
1/26/2008 19:27:03 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,988)
1/26/2008 19:26:59 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,987)
1/26/2008 19:26:54 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,986)
1/26/2008 19:26:50 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,985)
1/26/2008 19:26:46 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,984)
1/26/2008 19:26:40 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,983)
1/26/2008 19:26:36 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,982)
1/26/2008 19:26:32 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,981)
1/26/2008 19:26:27 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,980)
1/26/2008 19:26:23 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,979)
1/26/2008 19:26:19 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,978)
1/26/2008 19:26:14 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,977)
1/26/2008 19:26:10 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,976)
1/26/2008 19:26:05 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,975)
1/26/2008 19:26:01 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,974)
1/26/2008 19:25:57 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,973)
1/26/2008 19:25:52 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,972)
1/26/2008 19:25:48 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,971)
1/26/2008 19:25:44 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,970)
1/26/2008 19:25:38 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,969)
1/26/2008 19:25:34 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,968)
1/26/2008 19:25:29 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,967)
1/26/2008 19:25:25 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,966)
1/26/2008 19:25:21 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,965)
1/26/2008 19:25:16 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,964)
1/26/2008 19:25:12 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,963)
1/26/2008 19:25:08 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,962)
1/26/2008 19:25:03 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,961)
1/26/2008 19:24:59 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,960)
1/26/2008 19:24:57 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (218.234.41.8,6588)
1/26/2008 19:24:55 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,959)
1/26/2008 19:24:49 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,958)
1/26/2008 19:24:45 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,957)
1/26/2008 19:24:40 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,956)
1/26/2008 19:24:36 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,955)
1/26/2008 19:24:32 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,954)
1/26/2008 19:24:27 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,953)
1/26/2008 19:24:23 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,952)
1/26/2008 19:24:22 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (24.71.241.118,2967)
1/26/2008 19:24:19 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (24.71.241.118,2967)
1/26/2008 19:24:19 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,951)
1/26/2008 19:24:14 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,950)
1/26/2008 19:24:10 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,949)
1/26/2008 19:24:05 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,948)
1/26/2008 19:24:00 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,947)
1/26/2008 19:23:56 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,946)
1/26/2008 19:23:51 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,945)
1/26/2008 19:23:47 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,944)
1/26/2008 19:23:43 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,943)
1/26/2008 19:23:38 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,942)
1/26/2008 19:23:34 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,941)
1/26/2008 19:23:30 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,940)
1/26/2008 19:23:25 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,939)
1/26/2008 19:23:21 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,938)
1/26/2008 19:23:16 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,937)
1/26/2008 19:23:12 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,936)
1/26/2008 19:23:07 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,935)
1/26/2008 19:22:26 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (222.239.255.43,3128)
1/26/2008 19:20:10 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (218.56.172.225,2967)
1/26/2008 19:18:39 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (218.63.236.143,7212)
1/26/2008 19:04:14 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (125.65.112.192,7212)
1/26/2008 19:04:14 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (125.65.112.192,8000)
1/26/2008 19:02:02 Supervisor Unused port blocking has blocked


Internet for the first time
1/26/2008 18:53:06 Supervisor Rule "Default Block RASmin Trojan

horse" blocked Details:
Inbound TCP connection

Remote address,service is (67.228.126.231,58619)
Process name is "N/A"
1/26/2008 18:53:06 Supervisor Trojan attempt detected from address

67.228.126.231 by rule "Default Block RASmin Trojan horse".
Blocked further access for 30 minutes.
1/26/2008 18:53:01 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.228.126.231,444)
1/26/2008 18:38:37 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (218.63.236.143,7212)
1/26/2008 18:28:26 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (67.15.119.3,10000)
1/26/2008 18:23:51 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (125.65.112.152,8000)
1/26/2008 18:23:51 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (125.65.112.152,7212)
1/26/2008 18:19:07 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (24.149.17.135,2967)
1/26/2008 18:19:04 Supervisor Unused port blocking has blocked

communications. Details:
Inbound TCP connection
Remote address,local service is (24.149.17.135,2967)
1/26/2008 18:16:30 Supervisor Rule "Default Block DeepThroat Trojan

horse" blocked (24.247.144.109,41). Details:

Edited by mohmama3, 26 January 2008 - 10:38 PM.


#7 mohmama3

mohmama3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 26 January 2008 - 10:41 PM

I called SoftLayer Technologies Inc. and they said they had complaints on that IP a few days ago. He said he would check on it himself and see why it was still causing problems. Hopefully they will stop them before they cause any real damage.

Edited by mohmama3, 26 January 2008 - 10:42 PM.


#8 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:12 PM

Posted 27 January 2008 - 08:34 AM

Also, a point to note. Symantec bought out sygate firewall and used parts of it in their security suite. Sygate is/was a great firewall but has been known to give a few false posotives and alert the user of the slightest internet traffic that is actually harmless. Having said that, the log does appear to be extensive so it could be an attack, but most of them could just be false posotives.
Regards,

Alan.

#9 mohmama3

mohmama3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 27 January 2008 - 01:26 PM

Thank you for all your help.

Hugs

Pat

#10 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:12 PM

Posted 27 January 2008 - 02:43 PM

No problem, glad to help.
Regards,

Alan.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users