xp attack

Discussion in 'MCSE' started by Nick, Jun 29, 2003.

  1. Nick

    Nick Guest

    Recently my XP Pro PC got several attacks from
    (IGMP.MCAST.NET). One attack is to change %windows%
    \explorer.exe. Another one is to change %WINDOWS%
    \PCHEALTH\HELPCTR\Binaries\pch*.dll files. Would anyone
    please tell me how should I deal with the issue? Is
    IGMP.MCAST.NET a well-known attack machine? Who owns this
    Thank you.
    Nick, Jun 29, 2003

  2. Are you for real?

    With kind regards
    Fermin Sanchez

    PGP KeyID: 4096/9FDF4275 FP: 7E6D CC1D 798C ADCD 9093 A6C4 BCC2 2BD4 9FDF 4275
    Fermin Sanchez, Jun 29, 2003

  3. Nick

    nick Guest

    Have traced the organization that owns the machine. Here is
    the result: (WHY IANA DOES THAT???!!!)
    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: -
    NetName: MCAST-NET
    NetHandle: NET-224-0-0-0-1
    NetType: IANA Special Use
    NameServer: FLAG.EP.NET
    NameServer: STRUL.STUPI.SE
    NameServer: NS.ISI.EDU
    NameServer: NIC.NEAR.NET
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 3171 for additional
    RegDate: 1991-05-22
    Updated: 2002-09-16

    OrgTechHandle: IANA-ARIN
    OrgTechName: Internet Corporation for Assigned Names
    and Number
    OrgTechPhone: +1-310-823-9358

    # ARIN WHOIS database, last updated 2003-06-28 21:05
    # Enter ? for additional hints on searching ARIN's WHOIS
    nick, Jun 29, 2003
  4. You are becoming more and more entertaining. Please, keep up the good
    work :)))

    With kind regards
    Fermin Sanchez

    PGP KeyID: 4096/9FDF4275 FP: 7E6D CC1D 798C ADCD 9093 A6C4 BCC2 2BD4 9FDF 4275
    Fermin Sanchez, Jun 29, 2003
  5. Nick


    you think you're sooo clever @ fermin sanchez

    that's right, just act derogatory without backing up your facts.

    yeah you are an idiot - and if the admins of this board cared about their users they would ban your ip, for being not only rude but unhelpful.

    nick the point you make IS valid, you have done an ip lookup and therefore are trying to work this out.

    as we know, dumb people make dumb comments, like sanchez above.

    he probably did a quick think on what m-cast is, and then put 1+1 together and got 6.

    that's a bit like saying, any traffic from, fermin-sanchez-is-dumb.com, is 'of course' from sanchez.

    it's only a domain and therefore means very little.

    as you have found out, igmp.m-cast.net is coming from a California university or college.

    now why would there be traffic from this, to your machine? it shouldn't, that's the simple fact.

    if as you say, this traffic is managing to change system files then i would suggest you either reinstall, revert back, or try some heavy duty software to extract it out; personally i would just backup (only non-system files) and then re-install.

    if you do a check on the web there isn't really a solution to this, and as you can see many ppl are having problems with this domain/ip.

    due to similar issues, i am going to contact this university and ask them to provide evidence of our permission that their network can connect to ours.

    this usually is enough to stop these divy-script-kiddies from using university computers to try hacking etc attempts.

    hope this helps.
    your-so-clever, Feb 6, 2009