MCSE - OT:: Namespace Miner

 
Old 02-12-2004, 10:34 PM   #1
Default OT:: Namespace Miner


Hi Everyone,

We got notice that our IP address is being used to run a namespace miner
against Microsoft. I have checked for viruses, trojans, checked all of the
ISA server logs, and even checked for open proxies from within, and from
outside our network. I can find nothing showing that says we are doing
anything like this.

I was wondering if anyone else had this happen to you, and what to check
next.

My last idea is that someone outside our ISP is hijacking our IP address,
and that it is nothing we can prevent, but I don't know how to prove that
explicitly.

Thanks heaps





Kendal Emery
Old 02-12-2004, 10:39 PM   #2
kpg
Default Re: OT:: Namespace Miner
Do you know for certain that this is the case? Who says and what
proof do they have?

"Kendal Emery" <> wrote in message
news:...
> Hi Everyone,
>
> We got notice that our IP address is being used to run a namespace miner
> against Microsoft. I have checked for viruses, trojans, checked all of the
> ISA server logs, and even checked for open proxies from within, and from
> outside our network. I can find nothing showing that says we are doing
> anything like this.
>
> I was wondering if anyone else had this happen to you, and what to check
> next.
>
> My last idea is that someone outside our ISP is hijacking our IP address,
> and that it is nothing we can prevent, but I don't know how to prove that
> explicitly.
>
> Thanks heaps
>
>
>





kpg
Old 02-12-2004, 11:02 PM   #3
Rowdy Yates
Default Re: OT:: Namespace Miner
"Kendal Emery" <> wrote in
news::

>
> My last idea is that someone outside our ISP is hijacking our IP
> address, and that it is nothing we can prevent, but I don't know how
> to prove that explicitly.
>


wow. hijacking tcp/ip sessions. that's a tall claim. are you sure they
aren't just spoofing using your subnet range?


--
Rowdy Yates
"Command prompt's make me horny!"
I am Against-TCPA
http://www.againsttcpa.com


Rowdy Yates
Old 02-12-2004, 11:59 PM   #4
Kendal Emery
Default Re: OT:: Namespace Miner
Here is all the proof they give
{Quote
Our system detected a namespace mining operation coming from that IP.

Here is the information we have showing the time of abuse by that IP (all
times are PST):

Process data between 2004-01-29 10:03:46 and 2004-01-30 10:05:46
classification: namespace miner total nRcpt:19979 total nRcptSuccess:0 total nData:0

ENDQUOTE}

"kpg" <> wrote in message
news:#...
> Do you know for certain that this is the case? Who says and what
> proof do they have?
>
> "Kendal Emery" <> wrote in message
> news:...
> > Hi Everyone,
> >
> > We got notice that our IP address is being used to run a namespace miner
> > against Microsoft. I have checked for viruses, trojans, checked all of the
> > ISA server logs, and even checked for open proxies from within, and from
> > outside our network. I can find nothing showing that says we are doing
> > anything like this.
> >
> > I was wondering if anyone else had this happen to you, and what to check
> > next.
> >
> > My last idea is that someone outside our ISP is hijacking our IP address,
> > and that it is nothing we can prevent, but I don't know how to prove that
> > explicitly.
> >
> > Thanks heaps
> >
> >
> >

>
>





Kendal Emery
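
Added example, not part of the thread: one way to test a firewall's own connection records against the time window in the notice quoted above. It assumes `nRcpt` counts SMTP `RCPT TO` commands (so the traffic would be outbound TCP/25) and that the logs are in UTC; the log layout, the addresses and the function name are constructed for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta, timezone

# The notice gives its times in PST (UTC-8); logs here are assumed to be UTC.
PST = timezone(timedelta(hours=-8))
WINDOW_START = datetime(2004, 1, 29, 10, 3, 46, tzinfo=PST)
WINDOW_END = datetime(2004, 1, 30, 10, 5, 46, tzinfo=PST)

# Constructed sample log: UTC time, internal source, destination, dest port.
# The layout and every address are made up for this example.
SAMPLE_LOG = """\
2004-01-29T17:59:10Z,192.168.1.10,203.0.113.25,25
2004-01-29T18:10:02Z,192.168.1.10,203.0.113.25,25
2004-01-29T18:10:05Z,192.168.1.57,198.51.100.7,25
2004-01-29T18:10:06Z,192.168.1.57,198.51.100.8,25
2004-01-29T18:11:00Z,192.168.1.57,198.51.100.7,80
2004-01-30T02:30:00Z,192.168.1.57,198.51.100.9,25
2004-01-30T18:06:00Z,192.168.1.57,198.51.100.7,25
"""


def smtp_sources_in_window(log_text, mail_servers,
                           start=WINDOW_START, end=WINDOW_END):
    """Tally outbound TCP/25 connections per internal host inside the window.

    Returns (counts, unexpected): counts covers every host that spoke SMTP
    outbound in the window, unexpected only those not in mail_servers.
    """
    counts = Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4 or row[3] != "25":
            continue  # malformed line or not SMTP
        when = datetime.strptime(row[0], "%Y-%m-%dT%H:%M:%SZ")
        when = when.replace(tzinfo=timezone.utc)
        if start <= when <= end:  # aware datetimes compare across zones
            counts[row[1]] += 1
    unexpected = {h: n for h, n in counts.items() if h not in mail_servers}
    return dict(counts), unexpected


if __name__ == "__main__":
    counts, unexpected = smtp_sources_in_window(SAMPLE_LOG, {"192.168.1.10"})
    print("outbound SMTP in window:", counts)
    print("not a known mail server:", unexpected)
```

Hosts left in `unexpected` are the ones to examine first; the two sample lines just outside the window show why the PST-to-UTC conversion matters before filtering.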
Old 02-13-2004, 12:00 AM   #5
Kendal Emery
Default Re: OT:: Namespace Miner
Spoof, hi-jack, it's all the same to me, they are using my address. btw,
this is a dynamically assigned, static address, if you know what that means.
It just seems very unlikely that it is coming from inside our organization.

"Rowdy Yates" <> wrote in message
news:Xns948DB7732D2CBrowdyyatesnospamlyco@207.46.2 48.16...
> "Kendal Emery" <> wrote in
> news::
>
> >
> > My last idea is that someone outside our ISP is hijacking our IP
> > address, and that it is nothing we can prevent, but I don't know how
> > to prove that explicitly.
> >

>
> wow. hijacking tcp/ip sessions. that's a tall claim. are you sure they
> aren't just spoofing using your subnet range?
>
>
> --
> Rowdy Yates
> "Command prompt's make me horny!"
> I am Against-TCPA
> http://www.againsttcpa.com





Kendal Emery
Old 02-13-2004, 12:19 AM   #6
Rowdy Yates
Default Re: OT:: Namespace Miner
"Kendal Emery" <> wrote in
news::

> Spoof, hi-jack, it's all the same to me, they are using my address.
> btw, this is a dynamically assigned, static address, if you know what
> that means. It just seems very unlikely that it is coming from inside
> our organization.


you are using DHCP to keep assigning the same ip address to the same MAC
address. no dynamic pool, right?

if you are concerned, you can set up a sniffer and capture the traffic.
there is a bit of work involved.




--
Rowdy Yates
Things I learnt in the army:
-------------------------------
Rule #1 -
When they say, "We are going to ambush the enemy".
It really means, "We are heavily outnumbered and no one wants to help us."
-------------------------------
I am Against-TCPA
http://www.againsttcpa.com


Rowdy Yates
Old 02-13-2004, 12:56 AM   #7
Marko
Default RE: OT:: Namespace Miner


----- Kendal Emery wrote: ----

Hi Everyone,

We got notice that our IP address is being used to run a namespace miner
against Microsoft.

You could try dropping to a DOS box and typing netstat.

At the very least, it will show all active connections and on what ports.

My guess is that you will likely determine it isn't you that is at fault.


Marko
Old 02-13-2004, 01:09 AM   #8
Bilal
Default Re: OT:: Namespace Miner
You're lucky it's your IP that's being Hijacked and not
your plane
Bilal
>-----Original Message-----
>"Kendal Emery" <> wrote in
>news::
>
>>
>> My last idea is that someone outside our ISP is hijacking our IP
>> address, and that it is nothing we can prevent, but I don't know how
>> to prove that explicitly.
>>

>
>wow. hijacking tcp/ip sessions. that's a tall claim. are you sure they
>aren't just spoofing using your subnet range?
>
>
>--
>Rowdy Yates
>"Command prompt's make me horny!"
>I am Against-TCPA
>http://www.againsttcpa.com
>.
>



Bilal
Old 02-13-2004, 02:22 AM   #9
Ken Briscoe
Default Re: OT:: Namespace Miner
> You're lucky it's your IP that's being Hijacked and not
> your plane


Yes, she is lucky, but that's a sick fscking joke.

--

KB - MCNGP "silent thug" #26

first initial last name AT hotmail DOT com


---
Virus? In the computer? Are you serious?
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.580 / Virus Database: 367 - Release Date: 2/6/2004




Ken Briscoe
Old 02-13-2004, 03:19 PM   #10
Kendal Emery
Default Re: OT:: Namespace Miner
It made me laugh.....

"Ken Briscoe" <> wrote in message
news:...
> > You're lucky it's your IP that's being Hijacked and not
> > your plane

>
> Yes, she is lucky, but that's a sick fscking joke.
>
> --
>
> KB - MCNGP "silent thug" #26
>
> first initial last name AT hotmail DOT com
>
>
> ---
> Virus? In the computer? Are you serious?
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.580 / Virus Database: 367 - Release Date: 2/6/2004
>
>





Kendal Emery