[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

intruders



PureBytes Links

Trading Reference Links

Hi Ken

It sure makes me wonder ... I thought that hacking was only for the "big
guys sites". I guess that the hackers need a computer that it on that they
can use as a front or relay site. Who knows about all of this arcane
business. It sounds like your .cz site was a relay or front? See the bogus
sites (?) in the trace.

My copy of Intruder Alert '99 was downloaded from the original Bonzi site
several months prior to the site being hacked. My copy of the program checks
out as clean for virus and trojans etc.

If anyone doesn't trust the hacked site or can't get through to Bonzi (none
of the addresses work for me) ... email me and I'll send you a copy of the
original (2.11 MB) zipped program.

I already sent a copy to Jose Pascual at <jpascual@xxxxxxxxxxx>. He may send
a copy to you.

If you want a copy please be prepared to forward your copy to others, 2.11
MB ties up my line for a while.

Best regards

Walter

================================

10 144.232.5.162   157ms  138ms  150ms  TTL:  0  (icm-bb10-pen-0-0.icp.net
ok)
11 198.67.133.62   181ms  166ms  144ms  TTL:  0  (icm-bb4-pen-0-0-0.icp.net
ok)
12 192.157.69.75   249ms  158ms  155ms  TTL:  0  (Pennsauken1.NJ.US.EU.net
probable bogus rDNS: host not found [non-authoritative])
13 134.222.228.145 170ms  209ms  153ms  TTL:  0  (Nyk-nr01.NY.US.EU.net ok)
14 134.222.228.42  180ms  155ms  150ms  TTL:  0  (Nyk-cr02.NY.US.EU.net
probable bogus rDNS: host not found [non-authoritative])
15 134.222.228.69  255ms  235ms  235ms  TTL:  0  (Asd-nr17.NL.EU.net ok)
16 134.222.58.2    247ms  224ms  244ms  TTL:  0  (Asd-nr18.NL.EU.net ok)
17 134.222.228.194 231ms  258ms  239ms  TTL:  0  (Ledn-cr01.NL.EU.net ok)
18 134.222.228.198 263ms  254ms  248ms  TTL:  0  (Ffm-nr03.eunet.com ok)
19 134.222.22.6    257ms  257ms  258ms  TTL:  0  (Prague1.CZ.EU.net ok)
20 134.222.22.18   271ms  267ms  256ms  TTL:  0  (Czechia.CZ.EU.net ok)
21 193.86.72.6     282ms  285ms  268ms  TTL:  0  (ci1a-mo.eunet.cz ok)
22 193.86.81.137   263ms  272ms  334ms  TTL:  0  (No rDNS)
23 193.86.81.133   283ms  275ms  279ms  TTL:104  (krakonos.chemopetrol.cz
ok)

=================================

person:      Petr Polak
address:     Chemopetrol
address:     Computer Centre
address:     Litvinov
address:     436 70
address:     The Czech Republic
phone:       +420 35 6162023
fax-no:      +420 35 6164784
e-mail:      polak@xxxxxxxxxxxxxx
nic-hdl:     PP15-RIPE
changed:     ors@xxxxxxxxxxxxxx 19970224
source:      RIPE

person:      Pavel Kunc
address:     Chemopetrol
address:     Computer Centre
address:     Litvinov
address:     436 70
address:     The Czech Republic
phone:       +420 35 6162287
fax-no:      +420 35 6164784
e-mail:      kunc@xxxxxxxxxxxxxx
nic-hdl:     PK36-RIPE


----- Original Message -----
From: <wander@xxxxxxxx>
To: Walter Lake <wlake@xxxxxxxxx>
Sent: Tuesday, July 13, 1999 12:09 PM
Subject: Re: track down intruders


> Walter,
>
> FWIW,
> Yesterday I decided to install Intruder Alert after reading your post.
This
> morning I had an "attack".  Win98's built in Tracert traced the intruders
IP
> address to krakonos.chemopetrol.cz [193.86.81.133].  The only web site I
could
> figure out is http://www.chemopetrol.cz/en_index.htm    At the moment,
that's as
> far as I've taken it.  I didn't have Samspade installed because frankly I
didn't
> think I had a problem.  Interesting.  I wonder if other MS list
subscribers are
> being checked out, or if this is just a coincidence.
>
> Krakonos - a legendary lord and guardian of
>      Krkonose.
>
> I attached part of the trace.  I guess I'm glad you posted to the list.<g>
>
> Regards,
> Ken
>
> Walter Lake wrote:
>
> > Hi Guy, Chip and all the others who helped
> >
> > My copy of Intruder Alert 99 is already installed and running, thanks to
a
> > nice person who sent me a copy.
> >
> > 20 to 30 minutes after installation the firewall shut the door on
somebody.
> > So who knows how many times I've been "examined".
> >
>