Paranoia

Post by **Shamis** » Wed Mar 19, 2008 3:09 am

So I got home from work, turned on my computer, and then went and watched tv for a bit. I had not actually activated anything, or even logged into my pc yet.

then I come back after 2 hours, and hear the harddrive spinning like crazy. So I figure I have some kind of malware. Not expecting to find anything useful since I've heard this before and nothing shows up...I quickly log in and run netstat.

here's what I get: (yes my computer is called poontos...lol)

Active Connections

Proto Local Address Foreign Address State
TCP poontos:1036 localhost:27015 ESTABLISHED
TCP poontos:27015 localhost:1036 ESTABLISHED
TCP poontos:1038 208.51.0.7:25793 ESTABLISHED
TCP poontos:50724 192.168.0.1:http TIME_WAIT
TCP poontos:54169 192.168.0.1:http TIME_WAIT
TCP poontos:61478 192.168.0.1:http TIME_WAIT
TCP poontos:61500 192.168.0.1:http TIME_WAIT
TCP poontos:64358 192.168.0.1:http TIME_WAIT

Ok, only 1 foreign address. So lets do a lookup on that:

OrgName: DoD Network Information Center
OrgID: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US

NetRange: 205.0.0.0 - 205.55.255.255
CIDR: 205.0.0.0/11, 205.32.0.0/12, 205.48.0.0/13
NetName: NICS0086
NetHandle: NET-205-0-0-0-1
Parent: NET-205-0-0-0-0
NetType: Direct Allocation
Comment:
RegDate:
Updated: 2007-08-31

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-614-692-2708
OrgTechEmail: HOSTMASTER@nic.mil

wtf. Is this some kind of spyware that is spoofing the dod's ip address? Or is the DoD spying on me?

Post by **dhoyne** » Wed Mar 19, 2008 8:02 am

Nothing to see here. Move along, citizen.

Post by **DriskellHR** » Wed Mar 19, 2008 8:11 am

do you use wireless internet? Looks like malware I got hit with it REALLY bad about 6 months ago which caused me to loose all my buisness data. be sure if it starts acting funny to backup everthing!!!

When I worked at the Kentucky Center for the Arts in louisville. We came into our maintenance office early one morning to find our automated building controls being hacked. We watched this guy start turning on and off valves and shuting of vital systems via the internet connection!! We were able to disable his hookup, but man if he had shut off the wrong valve on the boiler and we did not see it..... BOOM!!

Post by **SCIN** » Wed Mar 19, 2008 8:21 am

You fat fingered your whois.

OrgName: Global Crossing
OrgID: GBLX
Address: 14605 South 50th Street
City: Phoenix
StateProv: AZ
PostalCode: 85044-6471
Country: US

ReferralServer: rwhois://rwhois.gblx.net:4321

NetRange: 208.50.192.0 - 208.51.255.255
CIDR: 208.50.192.0/18, 208.51.0.0/16
NetName: GBLX-6D
NetHandle: NET-208-50-192-0-1
Parent: NET-208-0-0-0-0
NetType: Direct Allocation
NameServer: NAME.ROC.GBLX.NET
NameServer: NAME.PHX.GBLX.NET
NameServer: NAME.SNV.GBLX.NET
NameServer: NAME.JFK1.GBLX.NET
Comment: THESE ADDRESSES ARE NON-PORTABLE
RegDate:
Updated: 2002-10-14

Post by **ReachHigh** » Wed Mar 19, 2008 8:41 am

If they wanted your computer they would just come and take it.

Post by **Shamis** » Wed Mar 19, 2008 8:56 am

lol, that was an unfortunate typo.

208->205 makes it dod.

Post by **Josephine** » Wed Mar 19, 2008 9:32 am

and here i thought this thread was going to be about the route.

Post by **Steve** » Wed Mar 19, 2008 9:38 am

You think this board is for talking about rock climbing Josephine?!

Post by **Myke Dronez** » Wed Mar 19, 2008 10:21 am

I was thinking this thread was gonna be about smoking dope and listening to Black Sabbath.

Post by **ReachHigh** » Wed Mar 19, 2008 11:13 am

I though this thread was going to be about the people out to get me.