Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   MCSE (http://www.velocityreviews.com/forums/f25-mcse.html)
-   -   xp attack (http://www.velocityreviews.com/forums/t45643-xp-attack.html)

Nick 06-29-2003 04:44 AM

xp attack
 
Recently my XP Pro PC got several attacks from 224.0.0.22
(IGMP.MCAST.NET). One attack is to change %windows%
\explorer.exe. Another one is to change %WINDOWS%
\PCHEALTH\HELPCTR\Binaries\pch*.dll files. Would anyone
please tell me how should I deal with the issue? Is
IGMP.MCAST.NET a well-known attack machine? Who owns this
machine?
Thank you.
Nick

Fermin Sanchez 06-29-2003 12:32 PM

Re: xp attack
 
"Nick" <npwMa@yahoo.com> wrote in news:17bd01c33df9$14ff1bc0
$a601280a@phx.gbl:

> Recently my XP Pro PC got several attacks from 224.0.0.22


Are you for real?


With kind regards
Fermin Sanchez

PGP KeyID: 4096/9FDF4275 FP: 7E6D CC1D 798C ADCD 9093 A6C4 BCC2 2BD4 9FDF 4275

--
Man has his will. Woman has her won't!

nick 06-29-2003 02:52 PM

xp attack
 
Have traced organization that own the machine. Here is
the result: (WHY IANA DOES THAT???!!!)
=======================================
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 224.0.0.0 - 239.255.255.255
CIDR: 224.0.0.0/4
NetName: MCAST-NET
NetHandle: NET-224-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: FLAG.EP.NET
NameServer: STRUL.STUPI.SE
NameServer: NS.ISI.EDU
NameServer: NIC.NEAR.NET
Comment: This block is reserved for special purposes.
Comment: Please see RFC 3171 for additional
information.
Comment:
RegDate: 1991-05-22
Updated: 2002-09-16

OrgTechHandle: IANA-ARIN
OrgTechName: Internet Corporation for Assigned Names
and Number
OrgTechPhone: +1-310-823-9358
OrgTechEmail: res-ip@iana.org

# ARIN WHOIS database, last updated 2003-06-28 21:05
# Enter ? for additional hints on searching ARIN's WHOIS
database.
==============================
>-----Original Message-----
>Recently my XP Pro PC got several attacks from

224.0.0.22
>(IGMP.MCAST.NET). One attack is to change %windows%
>\explorer.exe. Another one is to change %WINDOWS%
>\PCHEALTH\HELPCTR\Binaries\pch*.dll files. Would anyone
>please tell me how should I deal with the issue? Is
>IGMP.MCAST.NET a well-known attack machine? Who owns

this
>machine?
>Thank you.
>Nick
>.
>


Fermin Sanchez 06-29-2003 04:52 PM

Re: xp attack
 
"nick" <npwMa@yahoo.com> wrote in news:003501c33e4d$feeaf200
$a101280a@phx.gbl:

> Have traced organization that own the machine. Here is
> the result: (WHY IANA DOES THAT???!!!)


You are becoming more and more entertaining. Please, keep up the good
work :-)))


With kind regards
Fermin Sanchez

PGP KeyID: 4096/9FDF4275 FP: 7E6D CC1D 798C ADCD 9093 A6C4 BCC2 2BD4 9FDF 4275

--
Building Contractors, not to be confused with homemakers

your-so-clever 02-06-2009 12:23 PM

you think your sooo clever @ fermin sanchez

thats right, just act deroagative without backing up your facts.

yeah you are an idiot - and if the admin's of this board cared about their users they would ban your ip, for being not only rude but un-helpful.

nick the point you make IS valid, you have done an ip lookup and therefore are trying to work this out.

as we know, dumb people make dumb comments, like sanchez above.

he probably did a quick thick on what m-cast is, and then put 1+1 together and got 6.

thats a bit like saying, any traffic from, fermin-sanchez-is-dumb.com, is 'of course' from sanchez.

its only a domain and therefore means very little.

as you have found out, igmp.m-cast.net is comming from a califonia university or college.

now why would there be traffice from this, to your machine? it shouldnt, thats the simple fact.

if as you say, this traffic is managing to change systems files then i would suggest you either reinstall, revert back, or try some heavy duty software to extract it out; personally i would just backup (only non-system files) and then re-install.

if you do a check on the web their isnt realy a solution to this, and as you can see many ppl are having problems with this domain/ip.

due to similar issues, i am going to contact this university and ask them to provide evidence of our permission that their network can connect to ours.

this usually is enough to stop these divy-script-kiddies from using univesity computers to try hacking etc attempts.

hope this helps.


All times are GMT. The time now is 08:36 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.