xp attack

Discussion in 'MCSE' started by Nick, Jun 29, 2003.

  1. Nick

    Nick Guest

    Recently my XP Pro PC got several attacks from 224.0.0.22
    (IGMP.MCAST.NET). One attack is to change
    %windows%\explorer.exe. Another one is to change
    %WINDOWS%\PCHEALTH\HELPCTR\Binaries\pch*.dll files. Would anyone
    please tell me how I should deal with the issue? Is
    IGMP.MCAST.NET a well-known attack machine? Who owns this
    machine?
    Thank you.
    Nick
    Nick, Jun 29, 2003
    #1

  2. "Nick" <> wrote in news:17bd01c33df9$14ff1bc0
    $:

    > Recently my XP Pro PC got several attacks from 224.0.0.22


    Are you for real?


    With kind regards
    Fermin Sanchez

    PGP KeyID: 4096/9FDF4275 FP: 7E6D CC1D 798C ADCD 9093 A6C4 BCC2 2BD4 9FDF 4275

    --
    Man has his will. Woman has her won't!
    Fermin Sanchez, Jun 29, 2003
    #2

  3. Nick

    nick Guest

    I have traced the organization that owns the machine. Here is
    the result: (WHY IANA DOES THAT???!!!)
    =======================================
    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 224.0.0.0 - 239.255.255.255
    CIDR: 224.0.0.0/4
    NetName: MCAST-NET
    NetHandle: NET-224-0-0-0-1
    Parent:
    NetType: IANA Special Use
    NameServer: FLAG.EP.NET
    NameServer: STRUL.STUPI.SE
    NameServer: NS.ISI.EDU
    NameServer: NIC.NEAR.NET
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 3171 for additional information.
    Comment:
    RegDate: 1991-05-22
    Updated: 2002-09-16

    OrgTechHandle: IANA-ARIN
    OrgTechName: Internet Corporation for Assigned Names and Number
    OrgTechPhone: +1-310-823-9358
    OrgTechEmail:

    # ARIN WHOIS database, last updated 2003-06-28 21:05
    # Enter ? for additional hints on searching ARIN's WHOIS database.
    ==============================
    >-----Original Message-----
    >Recently my XP Pro PC got several attacks from 224.0.0.22
    >(IGMP.MCAST.NET). One attack is to change
    >%windows%\explorer.exe. Another one is to change
    >%WINDOWS%\PCHEALTH\HELPCTR\Binaries\pch*.dll files. Would anyone
    >please tell me how should I deal with the issue? Is
    >IGMP.MCAST.NET a well-known attack machine? Who owns this
    >machine?
    >Thank you.
    >Nick
    nick, Jun 29, 2003
    #3
  4. "nick" <> wrote in news:003501c33e4d$feeaf200
    $:

    > Have traced organization that own the machine. Here is
    > the result: (WHY IANA DOES THAT???!!!)


    You are becoming more and more entertaining. Please, keep up the good
    work :)))


    With kind regards
    Fermin Sanchez

    PGP KeyID: 4096/9FDF4275 FP: 7E6D CC1D 798C ADCD 9093 A6C4 BCC2 2BD4 9FDF 4275

    --
    Building Contractors, not to be confused with homemakers
    Fermin Sanchez, Jun 29, 2003
    #4
  5. Nick

    your-so-clever

    you think you're sooo clever @ fermin sanchez

    that's right, just act derogatory without backing up your facts.

    yeah you are an idiot - and if the admins of this board cared about their users they would ban your ip, for being not only rude but unhelpful.

    nick the point you make IS valid, you have done an ip lookup and therefore are trying to work this out.

    as we know, dumb people make dumb comments, like sanchez above.

    he probably did a quick think on what m-cast is, and then put 1+1 together and got 6.

    that's a bit like saying, any traffic from, fermin-sanchez-is-dumb.com, is 'of course' from sanchez.

    it's only a domain and therefore means very little.

    as you have found out, igmp.m-cast.net is coming from a California university or college.

    now why would there be traffic from this, to your machine? it shouldn't, that's the simple fact.

    if as you say, this traffic is managing to change system files then i would suggest you either reinstall, revert back, or try some heavy duty software to extract it out; personally i would just backup (only non-system files) and then re-install.

    if you do a check on the web there isn't really a solution to this, and as you can see many ppl are having problems with this domain/ip.

    due to similar issues, i am going to contact this university and ask them to provide evidence of our permission that their network can connect to ours.

    this usually is enough to stop these divy-script-kiddies from using university computers to try hacking etc attempts.

    hope this helps.
    your-so-clever, Feb 6, 2009
    #5
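
An added example, not part of any post in this thread: the WHOIS record quoted in post #3 places 224.0.0.22 inside 224.0.0.0/4 (MCAST-NET, "IANA Special Use"), so a firewall entry naming it can be triaged by direction before any attribution is attempted. The log format, the `triage` function and the sample lines are constructed for illustration; the group names come from the IANA multicast registry.

```python
import ipaddress
import re

MCAST_NET = ipaddress.ip_network("224.0.0.0/4")      # NetRange in the WHOIS record
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")  # link-local, not forwarded by routers

# A few registered groups in the local network control block.
KNOWN_GROUPS = {
    "224.0.0.1": "all systems on this subnet",
    "224.0.0.2": "all routers on this subnet",
    "224.0.0.22": "IGMP (IGMPv3 membership reports)",
    "224.0.0.251": "mDNS",
    "224.0.0.252": "LLMNR",
}

# Assumed (constructed) log layout: "... src=<ip> dst=<ip>"
FIELDS = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)")


def triage(line):
    """Return (verdict, detail) for one firewall log line."""
    m = FIELDS.search(line)
    if not m:
        return ("unparsed", "no src/dst fields")
    try:
        src = ipaddress.ip_address(m.group("src"))
        dst = ipaddress.ip_address(m.group("dst"))
    except ValueError:
        return ("unparsed", "malformed address")
    if src in MCAST_NET:
        # A group address is never a valid IP source (RFC 1122): the packet
        # is malformed or spoofed, and WHOIS on the source identifies nobody.
        return ("invalid-source", "multicast address used as source; drop")
    if dst in MCAST_NET:
        name = KNOWN_GROUPS.get(str(dst), "group not in local table")
        scope = "link-local" if dst in LOCAL_CONTROL else "routable multicast"
        return ("multicast-destination", f"{name}; {scope}; sender is {src}")
    return ("unicast", f"attribute {src} by WHOIS as usual")


SAMPLE_LOG = [  # constructed lines, not taken from the thread
    "2003-06-29 10:12:01 OUT IGMP src=192.168.1.10 dst=224.0.0.22",
    "2003-06-29 10:12:05 IN  UDP  src=224.0.0.22 dst=192.168.1.10",
    "2003-06-29 10:13:40 IN  TCP  src=203.0.113.7 dst=192.168.1.10",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry), "<-", entry)
```

The first sample line is the common case behind alerts that show 224.0.0.22 as the "remote" address: the local host's own outbound membership report.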