Democratic Underground, Election Reform forum (archived thread)

lala_rawraw, Donating Member (1000+ posts), Fri Jan-28-05 01:55 AM
Original message
My Hacker...
Edited on Fri Jan-28-05 02:18 AM by lala_rawraw
Okay, this person tried to hack into my machine 7 times today. The IP is: 65.172.201.104

I did a "whois on IP" and got the below, which is really strange...

Then a whois on just the IP, no web sites hosted? Okay... that is all I can explain because I am not a tech guru. Plus, Google TLAM@... is this some nutcase or just a random?

Oh, what is ebaseone?




OrgName: Office of the Future
OrgID: OFFICE
Address: 115 River Rd
City: Edgewater
StateProv: NJ
PostalCode: 02020
Country: US
Comment:
RegDate: 1992-09-10
Updated: 1992-09-10

Name: LY THIEN LAM, KEITH
Handle: KL573-ARIN
Company:
Address: TIGER MOUNTAIN TECHNOLOGIES
Address: PO BOX 1574
City: MORTON
StateProv: WA
PostalCode: 98356-1574
Country: US
Comment:
RegDate: 2001-11-26
Updated: 2001-11-26
Phone: +1-281-885-1924 (Office)
Email: TLAM@ebaseone.com


who is this?

New Earth, Donating Member (1000+ posts), Fri Jan-28-05 02:01 AM
Response to Original message
1. who hacked what?
Edited on Fri Jan-28-05 02:01 AM by Faye
I don't want your thread to be locked again b/c a mod doesn't know what you're talking about. Please tell us what happened! If you can, edit your post and be more specific. No one knows what you're talking about! lol

lala_rawraw, Donating Member (1000+ posts), Fri Jan-28-05 02:19 AM
Response to Reply #1
2. done...
Is that better? I just use this place to look stuff up:
http://www.dnsstuff.com/

New Earth, Donating Member (1000+ posts), Fri Jan-28-05 02:24 AM
Response to Original message
3. well
This is what is at 115 River Rd. in Edgewater, NJ:

Edgewater Pediatrics
Description - Doctors
Address - 115 River Rd # 1003, Edgewater, NJ 07020-1036
Telephone - (201) 945-9453
Updated 2004-11-06

FLJ & M Medical Professional
Description - Doctors
Address - 115 River Rd, Edgewater, NJ 07020-1006
Telephone - (201) 941-4405
Updated 2004-11-06

New Earth, Donating Member (1000+ posts), Fri Jan-28-05 02:26 AM
Response to Reply #3
4. and Tiger Mountain Technologies
Edited on Fri Jan-28-05 02:31 AM by Faye
is a website design company? Yes, and an internet service provider.

http://www.lewiscounty.com/web_design.html

New Earth, Donating Member (1000+ posts), Fri Jan-28-05 02:29 AM
Response to Reply #4
6. but what this all means i have no idea
:( :shrug: I don't know what all those things mean as to who exactly is trying to hit your computer.

qwghlmian, Donating Member (768 posts), Fri Jan-28-05 02:29 AM
Response to Original message
5. The IP address apparently
belongs to a small ISP called Tiger Mountain Technologies - so most probably it is a computer in someone's home connected to that ISP.

That doesn't really mean that someone in WA is trying to "hack into your machine". There are millions upon millions of computers unknowingly hosting various worms/trojans whose blissfully unaware owners don't know that their computer keeps probing thousands of other computers in its "spare time" and, if successful, sends resulting info back to someone who can use it to get in.

lala_rawraw, Donating Member (1000+ posts), Fri Jan-28-05 02:35 AM
Response to Reply #5
8. well if nothing else...
I found this interesting resource by doing random chess-based logic searches:

http://64.233.161.104/search?q=cache:CZNhq1icad0J:www.w...

I cannot understand numbers, but chess... well, chess is a language that makes sense, lmao. I am challenged, very :)

salvorhardin, Donating Member (1000+ posts), Fri Jan-28-05 02:33 AM
Response to Original message
7. That looks like it's
a business DSL account.

dnsstuff must have some old information because Office of the Future was an old National Science Foundation project that's long since been disbanded. Look at the Registration and Update dates -- they're both 1992, long before the NSF Arpanet backbone was sold off to become the commercial internet. Here's a more accurate whois lookup...
65.172.201.104 = < customer104a.lewiscounty.com >

OrgName: Sprint
OrgID: SPRN
Address: 12502 Sunrise Valley Drive
City: Reston
StateProv: VA
PostalCode: 20196
Country: US
NetRange: 65.160.0.0 - 65.174.255.255
CIDR: 65.160.0.0/13 65.168.0.0/14 65.172.0.0/15 65.174.0.0/16
NetName: SPRINTLINK-2-BLKS
NetHandle: NET-65-160-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Allocation
NameServer: NS1-AUTH.SPRINTLINK.NET
NameServer: NS2-AUTH.SPRINTLINK.NET
NameServer: NS3-AUTH.SPRINTLINK.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-09-19
Updated: 2004-02-06
TechHandle: SPRINT-NOC-ARIN
TechName: Sprintlink (Sprint)
TechPhone: 1-800-232-6895
TechEmail: NOC@sprint.net

OrgTechHandle: ARINS-ARIN
OrgTechName: arin-sprint-iprequest
OrgTechPhone: 1-800-232-3458
OrgTechEmail: ip-req@sprint.net

OrgName: TIGER MOUNTAIN TECHNOLOGIES
OrgID: TMT-5
Address: PO BOX 1574
City: MORTON
StateProv: WA
PostalCode: 98356-1574
Country: US
NetRange: 65.172.200.0 - 65.172.201.255
CIDR: 65.172.200.0/23
NetName: FON-110184243291049
NetHandle: NET-65-172-200-0-1
Parent: NET-65-160-0-0-1
NetType: Reassigned
Comment:
RegDate: 2001-11-26
Updated: 2001-11-26
TechHandle: KL573-ARIN
TechName: LY THIEN LAM KEITH
TechPhone: 1-281-885-1924
TechEmail: TLAM@ebaseone.com

ARIN WHOIS database last updated 2005-01-27 19:10
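Added example, not part of the thread: the two ARIN records salvorhardin pasted are reduced to the fields a netblock lookup needs and run through a longest-prefix match, which is what a whois client is doing when it shows the "Reassigned" record under the "Direct Allocation" one. Tiger Mountain's 65.172.200.0/23 is more specific than any of Sprint's CIDRs, so the Reston, VA address is only the upstream allocation holder, not where the machine is. The record text is copied from the post; the `NetBlock` class and the `parse_records`, `range_matches_cidr`, `most_specific`, `delegation_chain` and `describe` functions are this example's own names, and the check that each record's CIDR list exactly covers its NetRange is an extra sanity test the post does not perform.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# ARIN records for the two netblocks quoted in the thread, cut down to the
# fields this lookup uses (constructed from the posted whois output).
ARIN_RECORDS = """\
OrgName: Sprint
City: Reston
StateProv: VA
NetRange: 65.160.0.0 - 65.174.255.255
CIDR: 65.160.0.0/13 65.168.0.0/14 65.172.0.0/15 65.174.0.0/16
NetName: SPRINTLINK-2-BLKS
NetHandle: NET-65-160-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Allocation

OrgName: TIGER MOUNTAIN TECHNOLOGIES
City: MORTON
StateProv: WA
NetRange: 65.172.200.0 - 65.172.201.255
CIDR: 65.172.200.0/23
NetName: FON-110184243291049
NetHandle: NET-65-172-200-0-1
Parent: NET-65-160-0-0-1
NetType: Reassigned
"""


@dataclass
class NetBlock:
    org: str
    location: str
    handle: str
    parent: str
    net_type: str
    net_range: tuple                      # (first address, last address)
    cidrs: list = field(default_factory=list)


def parse_records(text):
    """Split whois output on blank lines and pull the netblock fields out."""
    blocks = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in chunk.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        first, last = (ipaddress.ip_address(a.strip())
                       for a in fields["NetRange"].split("-"))
        blocks.append(NetBlock(
            org=fields["OrgName"],
            location=f'{fields["City"]}, {fields["StateProv"]}',
            handle=fields["NetHandle"],
            parent=fields["Parent"],
            net_type=fields["NetType"],
            net_range=(first, last),
            cidrs=[ipaddress.ip_network(c) for c in fields["CIDR"].split()],
        ))
    return blocks


def range_matches_cidr(block):
    """True if the record's CIDR list covers exactly its NetRange."""
    expected = set(ipaddress.summarize_address_range(*block.net_range))
    return expected == set(block.cidrs)


def most_specific(ip, blocks):
    """Return the longest-prefix block containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for block in blocks:
        for net in block.cidrs:
            if addr in net and net.prefixlen > best_len:
                best, best_len = block, net.prefixlen
    return best


def delegation_chain(ip, blocks):
    """Walk Parent handles from the most specific block up to the allocation."""
    by_handle = {b.handle: b for b in blocks}
    chain = []
    block = most_specific(ip, blocks)
    while block is not None:
        chain.append(block)
        block = by_handle.get(block.parent)   # stops when the parent is not in our records
    return chain


def describe(ip, blocks):
    chain = delegation_chain(ip, blocks)
    if not chain:
        return f"{ip}: not in any record here"
    leaf = chain[0]
    kind = ("customer reassignment" if leaf.net_type == "Reassigned"
            else leaf.net_type.lower())
    path = " <- ".join(f"{b.org} ({b.location})" for b in chain)
    return f"{ip}: {kind} held by {path}"


if __name__ == "__main__":
    records = parse_records(ARIN_RECORDS)
    for r in records:
        print(f"{r.handle}: CIDR covers NetRange? {range_matches_cidr(r)}")
    print(describe("65.172.201.104", records))
```

Run as-is it reports the /23 reassignment first and Sprint second, which is the order to read any whois answer in: the deepest record is the party that actually operates the address, and everything above it is plumbing.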
 
lala_rawraw, Donating Member (1000+ posts), Fri Jan-28-05 02:36 AM
Response to Reply #7
9. what resource...
do you use to run your searches? DNSstuff is old? Is there something better?

lala_rawraw, Donating Member (1000+ posts), Fri Jan-28-05 02:38 AM
Response to Reply #9
11. wow, check this out
This is really cool and it is all coming out of using this URL with various search strings:

http://politics.technorati.com/

skids, Donating Member (1000+ posts), Fri Jan-28-05 04:08 AM
Response to Reply #11
24. Ouch my head hurts.
Note to self: Don't read lala_rawraw posts when tired.

lala, I appreciate that you are reeling from a cold or something, but you're providing very little in the way of context, so it's a bit like listening to half of a telephone conversation.

(and yes, technorati is cool. Found DU through it in fact, some months ago. :-) )

salvorhardin, Donating Member (1000+ posts), Fri Jan-28-05 02:42 AM
Response to Reply #9
12. Well...
I just use the whois command on my server, but http://samspade.org will give you the same information (we both check against the ARIN database).

Tiger Mountain Technologies looks like it is a reseller of Sprint DSL in Lewis County, WA. http://www.lewiscounty.com/services.htm

I agree with the person posting after me, it's probably just a random port scan. Nothing to be too concerned over.

Corey_Baker08, Donating Member (1000+ posts), Mon Jan-31-05 04:03 PM
Response to Reply #7
26. Wow I had that exact same thing on my computer....
I had all of that pop up on my Norton saying there was an attempted jacking of my computer from that address, which turns out to be Sprint, I guess, in Reston, VA, but it's weird because I have nothing through Sprint: not my phone, not my internet, nothing.

Maybe it's all part of an even bigger conspiracy theory.....

JunkYardDogg, Donating Member (618 posts), Mon Jan-31-05 05:49 PM
Response to Reply #7
28. Could You write out a step by step "How to Trace Back"
I have a Sygate Firewall. Every time I'm connected, I have Port Scan Attacks, sometimes 3 or more per session; all get blocked, but I would like to back trace. Usually "Whois" comes back empty-handed.

I do have a real problem: in April, Pest Patrol found "PC Anywhere" installed on my Desktop.

I never installed it.

McKenzie, Donating Member (1000+ posts), Fri Jan-28-05 02:38 AM
Response to Original message
10. That's no hack attempt imho.
Did you just get random port scans? Which port were they against, which protocol (HTTP/FTP etc.)? Were the scans run against port numbers higher than 1027? etc. etc.

And, no savvy hacker would use a US-based IP unless they were bouncing through the server. They'd have an anon proxy in a country where server log details aren't kept, which had no reciprocal arrangement with US LEAs and so on. Even then their true IP would show up in the server log unless they had a proxy chain.

I looked at the netblock range that IP is in and it's very small, suggesting it's a corporate network. Background traffic, methinks.

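Added example, not from the thread: the questions McKenzie asks here (which ports, which protocol, anything above the well-known range, one source or many) are exactly what a triage pass over a personal-firewall log answers, and the same pass covers the later replies about whether blocked entries mean the firewall is doing its job and how to tell a worm sweep from someone working on you. The log lines are constructed, in a simplified format assumed for this example rather than Sygate's or Norton's real one; the sources use documentation address ranges instead of the IP from the thread, and 10.0.0.5 stands in for the protected desktop. The port sets, thresholds and the `parse_log` / `triage` functions are this example's own choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inbound events in an assumed generic firewall-log format:
# timestamp, action, protocol, source:port -> destination:port.
SAMPLE_LOG = """\
2005-01-27 22:41:02 BLOCK TCP 192.0.2.104:3291 -> 10.0.0.5:135
2005-01-27 22:41:02 BLOCK TCP 192.0.2.104:3292 -> 10.0.0.5:139
2005-01-27 22:41:03 BLOCK TCP 192.0.2.104:3293 -> 10.0.0.5:445
2005-01-27 22:41:03 BLOCK TCP 192.0.2.104:3294 -> 10.0.0.5:1025
2005-01-27 22:41:04 BLOCK TCP 192.0.2.104:3295 -> 10.0.0.5:5000
2005-01-27 22:41:05 BLOCK TCP 192.0.2.104:3296 -> 10.0.0.5:5631
2005-01-27 22:41:06 BLOCK TCP 192.0.2.104:3297 -> 10.0.0.5:8080
2005-01-27 23:10:11 BLOCK TCP 192.0.2.77:4412 -> 10.0.0.5:445
2005-01-27 23:15:40 BLOCK TCP 198.51.100.9:1044 -> 10.0.0.5:445
2005-01-27 23:52:09 BLOCK UDP 203.0.113.4:1434 -> 10.0.0.5:1434
2005-01-28 00:05:00 BLOCK UDP 203.0.113.4:1434 -> 10.0.0.5:1434
2005-01-28 00:20:00 ALLOW TCP 10.0.0.9:2233 -> 10.0.0.5:5631
2005-01-28 00:30:00 BLOCK TCP 198.51.100.9:1045 -> 10.0.0.5:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<action>ALLOW|BLOCK) "
    r"(?P<proto>TCP|UDP) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$")

# Ports that worms of the period hit constantly: RPC (135), NetBIOS
# (137-139), SMB (445), MS SQL (1433/1434). A source touching only these
# is almost always an infected machine sweeping address space, not a
# person targeting you.
WORM_NOISE_PORTS = {135, 137, 138, 139, 445, 1433, 1434}

# Remote-control services worth a second look; 5631/tcp is pcAnywhere's
# data port, the product JunkYardDogg found installed without asking.
REMOTE_CONTROL_PORTS = {3389: "RDP", 5631: "pcAnywhere", 5900: "VNC"}


def parse_log(text):
    """Turn log lines into event dicts; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "action": m["action"],
            "proto": m["proto"],
            "src": m["src"],
            "dport": int(m["dport"]),
        })
    return events


def triage(events, scan_threshold=5, window=timedelta(minutes=2)):
    """Group events by source address and give each source a verdict."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    verdicts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        ports = {e["dport"] for e in evs}
        allowed = [e for e in evs if e["action"] == "ALLOW"]
        span = evs[-1]["ts"] - evs[0]["ts"]

        if allowed:
            # The only entries that need real follow-up: something from an
            # unsolicited source actually got through the firewall.
            label = "allowed inbound: investigate"
        elif len(ports) >= scan_threshold and span <= window:
            # Many distinct ports from one source in a short burst.
            label = "port scan"
        elif ports <= WORM_NOISE_PORTS:
            label = "worm/background noise"
        else:
            label = "low-volume probe"

        verdicts[src] = {
            "label": label,
            "events": len(evs),
            "distinct_ports": len(ports),
            "high_ports": sorted(p for p in ports if p > 1024),
            "remote_control": sorted(REMOTE_CONTROL_PORTS[p] for p in ports
                                     if p in REMOTE_CONTROL_PORTS),
        }
    return verdicts


if __name__ == "__main__":
    for src, v in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{src:14} {v['label']:30} events={v['events']} "
              f"ports={v['distinct_ports']} high={v['high_ports']} "
              f"remote={v['remote_control']}")
```

On the sample the seven-port burst is labelled a scan, the lone hits on 445 and 1434 are labelled noise, and the one entry that deserves attention is the ALLOW line, not any of the blocks: a blocked probe is the firewall working, an accepted inbound connection to a remote-control port from a host you did not invite is the thing to chase.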
 
salvorhardin, Donating Member (1000+ posts), Fri Jan-28-05 02:45 AM
Response to Reply #10
13. McKenzie is right
Any real hacking is done through anonymous proxies and bot-nets (networks of virus-infested PCs whose viruses call home (usually to an IRC channel) and put the machine they're on at the hacker's beck and call -- i.e. a zombie).

lala_rawraw, Donating Member (1000+ posts), Fri Jan-28-05 02:46 AM
Response to Reply #10
14. block windows?
file sharing? I don't know where to look... is that correct?

lala_rawraw, Donating Member (1000+ posts), Fri Jan-28-05 02:48 AM
Response to Reply #14
15. wait...
Windows file sharing /system/cvhost.exe

is that what you need?

lala_rawraw, Donating Member (1000+ posts), Fri Jan-28-05 02:50 AM
Response to Reply #15
16. hmmm... some more IP
same destination:

WHOIS results for !NET-65-172-200-0-1
Generated by www.DNSstuff.com
Country: Unknown

Looking up !NET-65-172-200-0-1 at whois.arin.net.

NOTE: More information appears to be available at KL573-ARIN.



OrgName: TIGER MOUNTAIN TECHNOLOGIES
OrgID: TMT-5
Address: PO BOX 1574
City: MORTON
StateProv: WA
PostalCode: 98356-1574
Country: US

NetRange: 65.172.200.0 - 65.172.201.255
CIDR: 65.172.200.0/23
NetName: FON-110184243291049
NetHandle: NET-65-172-200-0-1
Parent: NET-65-160-0-0-1
NetType: Reassigned
Comment:
RegDate: 2001-11-26
Updated: 2001-11-26

TechHandle: KL573-ARIN
TechName: LY THIEN LAM, KEITH
TechPhone: +1-281-885-1924
TechEmail: ****@ebaseone.com

# ARIN WHOIS database, last updated 2005-01-27 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


lala_rawraw, Donating Member (1000+ posts), Fri Jan-28-05 02:54 AM
Response to Reply #16
18. wait... get more odd now/or not...
Not a clue what this means... am just stupid=me. Sorry :(

Is this a normal "network adapter"? It sounds really odd.

Details: Protecting your connection to a newly detected network on adapter "WAN (PPP/SLIP) Interface" (?

McKenzie, Donating Member (1000+ posts), Fri Jan-28-05 02:53 AM
Response to Reply #15
17. it's legit
Svchost.exe is the one to be worried about although there are nasties that can rename to the legit system file to hide their presence.

If you posted clear information I could tell you what was happening, e.g. your firewall log. But don't post it, especially if you have a static IP.


lala_rawraw, Donating Member (1000+ posts), Fri Jan-28-05 02:54 AM
Response to Reply #17
19. when you say legit?
what does that mean?

McKenzie, Donating Member (1000+ posts), Fri Jan-28-05 02:56 AM
Response to Reply #19
20. it's a "legitimate" system file
sorry for using obscure abbreviations.

lala_rawraw, Donating Member (1000+ posts), Fri Jan-28-05 02:58 AM
Response to Reply #20
21. and that means...
that it was not hacked, because blocked? or that means it was hacked? or that means that it is nothing to worry about?

Carolab, Donating Member (1000+ posts), Fri Jan-28-05 03:03 AM
Response to Original message
22. Here's the Office of the Future website.

lala_rawraw, Donating Member (1000+ posts), Fri Jan-28-05 03:13 AM
Response to Reply #22
23. so nothing bad... right?
no files stolen or something like that?

lala_rawraw, Donating Member (1000+ posts), Mon Jan-31-05 03:34 PM
Response to Reply #23
25. Me again (sorry)
Okay, I am going to try to make this not "half a phone call conversation" as much as possible.

Do you guys know "Focus on the Family?" run by Dobson? Its domain name is family.org

They are near impossible to figure out, okay, maybe just for me. I did run a DNS report... and here it is... let me know if you guys see anything strange... especially how the email servers seem to resolve... is it me, or are they resolving to the topic of this thread? In other words, Office Of Future... Let me know if I am not clear... I have a hard time understanding this stuff, let alone asking questions about it. I don't mean to be vague, I am just unable to make enough sense out of this to ask my questions. My question is, is this a normal DNS report, and does the final destination of the mail servers go to Office of Future, but also to a UN site? If I am wrong, please let me know.

http://www.dnsreport.com/tools/dnsreport.ch?domain=fami...

KerryOn, Donating Member (899 posts), Mon Jan-31-05 05:12 PM
Response to Original message
27. Doesn't mean a thing.
All that happened is that someone with that IP made a connection attempt to your PC. It could have been a real hack attempt, but more than likely it was an accident or something legit. I get dozens of these a day.

My advice: You must be running a firewall, or you would not be able to tell if someone made a connection attempt. So that means that your firewall is doing its job. So ignore it.

Welcome to the Internet.

lala_rawraw, Donating Member (1000+ posts), Mon Jan-31-05 09:33 PM
Response to Reply #27
29. silly
thanks... feels like I just started on the Net, but really... I just don't get the whole route thing... plus, my job is to be an expert at what I do and go to you guys, experts at what you do... so thank you my dear expert friend... it is nice to know where to go when one has questions... yes, firewall is up, but odd that it happened on the same day the Clermont story ran (rawstory.com). I swear, I am generally not THIS stupid... I actually play solid chess... but give me an IP or numbers and my brain falls out of my head and goes splat. I see patterns in everything, yet I cannot discuss them in numbers :( I am clearly very challenged, lmao :)

thanks so much... i owe you one, or two... :D

Zan_of_Texas, Donating Member (1000+ posts), Mon Jan-31-05 11:23 PM
Response to Reply #27
30. Okay, how about some more translations for us non-geeks.
Say you're just an everyday person who occasionally digs into stuff, and you wouldn't be too happy to have unknown hackers busting into your computer.

Say you have a basic firewall working.

Say you check to see who's been electronically knocking at your door.

When should you be concerned? How do you know when to be?

If an industrial strength hacker wants to get into your system, how would you stop them? (assuming it's not just an everyday hacker).


That Reston, Virginia address would concern me if you guys hadn't said nah, don't worry -- because the CIA and lots of defense-related stuff is in suburban Virginia just outside of D.C.

skids, Donating Member (1000+ posts), Tue Feb-01-05 12:22 AM
Response to Reply #30
31. Doorknob twists are so common...
You'd just be scaring yourself for no reason if you even bothered to look at them without some technical knowledge.

If you have a NAT/firewall, then you shouldn't see *any* unsolicited connections on your desktop.

If you insist on using IE as your browser, that's your own damn fault.

Basically try to boil down what you *need* to do versus recreation, and only use your computer for that. Hate to say it, but that's the only way to reduce your risk if you don't have some level of experience. The more bells and whistles you turn on, the worse off you are going to be.

Now, if you are lucky enough to have a friend or relative that can convert you over to Linux and hold your hand until you know your way around, and you are willing to give up a few of the more gratuitous excesses you have been enjoying, then that person can probably get a system running for you that will go most places on the web and do basic desktop productivity. That will keep you relatively safe for a while, until enough people are doing it that the adware people start targeting us, at which point I think we will fare quite well in patching things up really fast, but it will take some effort to keep your machine up to date. Consider that a get out of jail for a few years option.

Or, if you downgrade to really crusty versions of Windows, you'll be immune to most of the crap which is aimed at W2K and over. That is, if your machine hardware isn't so new that the old version of Windows refuses to work.

Or you could go Mac. But they are probably going to get hit before us Linux folks do.