|
PureBytes Links
Trading Reference Links
|
Hi Ken
It sure makes me wonder ... I thought that hacking was only for the "big
guys sites". I guess that the hackers need a computer that it on that they
can use as a front or relay site. Who knows about all of this arcane
business. It sounds like your .cz site was a relay or front? See the bogus
sites (?) in the trace.
My copy of Intruder Alert '99 was downloaded from the original Bonzi site
several months prior to the site being hacked. My copy of the program checks
out as clean for virus and trojans etc.
If anyone doesn't trust the hacked site or can't get through to Bonzi (none
of the addresses work for me) ... email me and I'll send you a copy of the
original (2.11 MB) zipped program.
I already sent a copy to Jose Pascual at <jpascual@xxxxxxxxxxx>. He may send
a copy to you.
If you want a copy please be prepared to forward your copy to others, 2.11
MB ties up my line for a while.
Best regards
Walter
================================
10 144.232.5.162 157ms 138ms 150ms TTL: 0 (icm-bb10-pen-0-0.icp.net
ok)
11 198.67.133.62 181ms 166ms 144ms TTL: 0 (icm-bb4-pen-0-0-0.icp.net
ok)
12 192.157.69.75 249ms 158ms 155ms TTL: 0 (Pennsauken1.NJ.US.EU.net
probable bogus rDNS: host not found [non-authoritative])
13 134.222.228.145 170ms 209ms 153ms TTL: 0 (Nyk-nr01.NY.US.EU.net ok)
14 134.222.228.42 180ms 155ms 150ms TTL: 0 (Nyk-cr02.NY.US.EU.net
probable bogus rDNS: host not found [non-authoritative])
15 134.222.228.69 255ms 235ms 235ms TTL: 0 (Asd-nr17.NL.EU.net ok)
16 134.222.58.2 247ms 224ms 244ms TTL: 0 (Asd-nr18.NL.EU.net ok)
17 134.222.228.194 231ms 258ms 239ms TTL: 0 (Ledn-cr01.NL.EU.net ok)
18 134.222.228.198 263ms 254ms 248ms TTL: 0 (Ffm-nr03.eunet.com ok)
19 134.222.22.6 257ms 257ms 258ms TTL: 0 (Prague1.CZ.EU.net ok)
20 134.222.22.18 271ms 267ms 256ms TTL: 0 (Czechia.CZ.EU.net ok)
21 193.86.72.6 282ms 285ms 268ms TTL: 0 (ci1a-mo.eunet.cz ok)
22 193.86.81.137 263ms 272ms 334ms TTL: 0 (No rDNS)
23 193.86.81.133 283ms 275ms 279ms TTL:104 (krakonos.chemopetrol.cz
ok)
=================================
person: Petr Polak
address: Chemopetrol
address: Computer Centre
address: Litvinov
address: 436 70
address: The Czech Republic
phone: +420 35 6162023
fax-no: +420 35 6164784
e-mail: polak@xxxxxxxxxxxxxx
nic-hdl: PP15-RIPE
changed: ors@xxxxxxxxxxxxxx 19970224
source: RIPE
person: Pavel Kunc
address: Chemopetrol
address: Computer Centre
address: Litvinov
address: 436 70
address: The Czech Republic
phone: +420 35 6162287
fax-no: +420 35 6164784
e-mail: kunc@xxxxxxxxxxxxxx
nic-hdl: PK36-RIPE
----- Original Message -----
From: <wander@xxxxxxxx>
To: Walter Lake <wlake@xxxxxxxxx>
Sent: Tuesday, July 13, 1999 12:09 PM
Subject: Re: track down intruders
> Walter,
>
> FWIW,
> Yesterday I decided to install Intruder Alert after reading your post.
This
> morning I had an "attack". Win98's built in Tracert traced the intruders
IP
> address to krakonos.chemopetrol.cz [193.86.81.133]. The only web site I
could
> figure out is http://www.chemopetrol.cz/en_index.htm At the moment,
that's as
> far as I've taken it. I didn't have Samspade installed because frankly I
didn't
> think I had a problem. Interesting. I wonder if other MS list
subscribers are
> being checked out, or if this is just a coincidence.
>
> Krakonos - a legendary lord and guardian of
> Krkonose.
>
> I attached part of the trace. I guess I'm glad you posted to the list.<g>
>
> Regards,
> Ken
>
> Walter Lake wrote:
>
> > Hi Guy, Chip and all the others who helped
> >
> > My copy of Intruder Alert 99 is already installed and running, thanks to
a
> > nice person who sent me a copy.
> >
> > 20 to 30 minutes after installation the firewall shut the door on
somebody.
> > So who knows how many times I've been "examined".
> >
>
|