Network Security Security-Basics

Hacked ???

Subject: Hacked ???
Date: Sat, 23 Jul 2005 04:19:45 +0100

Hi List,

I'm seeing some strange things on my box.  Here is a snippet from my squid
log:  BTW I don't have an icq account.


1122088113.571    308 212.227.83.197 TCP_MISS/200 184 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088114.402    140 220.160.34.238 TCP_HIT/200 482 GET http://media.adrevolver.com/adrevolver/banner? - NONE/- text/html
1122088116.711    310 212.227.65.104 TCP_MISS/200 186 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088119.769    339 212.227.83.197 TCP_MISS/200 183 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088119.950    367 72.21.34.42 TCP_MISS/200 185 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088120.466    543 200.50.23.115 TCP_MISS/401 417 GET http://www.bubblebutts.com/members/ - DIRECT/216.15.219.25 text/html
1122088121.618    404 212.227.65.104 TCP_MISS/200 186 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088122.814    885 70.118.81.253 TCP_MISS/200 6085 GET http://members.yahoo.com/interests? - DIRECT/66.218.75.151 text/html
1122088123.961    620 212.227.83.197 TCP_MISS/200 251 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088125.635    356 72.21.34.42 TCP_MISS/200 185 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088126.101    309 212.227.65.104 TCP_MISS/200 186 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088126.587    309 212.227.83.197 TCP_MISS/200 182 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088129.107    376 212.227.83.197 TCP_MISS/200 184 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088129.404    446 85.138.104.205 TCP_MISS/999 4647 GET http://216.109.127.60/config/login? - DIRECT/216.109.127.60 text/html
1122088130.415     10 220.160.34.238 TCP_MEM_HIT/200 381 GET http://ad.yieldmanager.com/imp? - NONE/- image/gif
1122088130.882    385 212.227.65.104 TCP_MISS/200 186 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088132.464    348 212.227.83.197 TCP_MISS/200 185 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088132.587    307 212.227.83.197 TCP_MISS/200 184 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088135.746    391 212.227.83.197 TCP_MISS/200 184 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088135.762    380 72.21.34.42 TCP_MISS/200 182 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -


I've disconnected all machines except my main linux box which is used for a
number of things ( asterisk telephony system / squid proxy / cvs ) etc.
I've also noticed port 32768 is open and others are connecting to it from
the web or an app is connecting to them.  How can I see which app is
connecting to port 32768 ???

Here's the first line from a netstat -an

[root@zeus iptraf]# netstat -an | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:32768               0.0.0.0:*                   LISTEN


Thanks in advance.



Phil
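
Added example, not part of the original post: a triage of squid native-format access.log lines like those quoted above, grouping requests by client address and listing what each client outside the local ranges asked the proxy to fetch. The sample lines are copied from the post's excerpt; `LOCAL_NETS` and the function names are assumptions made for this example.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumption: clients in these ranges are the proxy's legitimate users.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Sample lines copied from the log excerpt in the post (unwrapped).
SAMPLE = """\
1122088113.571    308 212.227.83.197 TCP_MISS/200 184 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088114.402    140 220.160.34.238 TCP_HIT/200 482 GET http://media.adrevolver.com/adrevolver/banner? - NONE/- text/html
1122088116.711    310 212.227.65.104 TCP_MISS/200 186 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088119.950    367 72.21.34.42 TCP_MISS/200 185 CONNECT login.icq.com:443 - DIRECT/64.12.200.89 -
1122088129.404    446 85.138.104.205 TCP_MISS/999 4647 GET http://216.109.127.60/config/login? - DIRECT/216.109.127.60 text/html
"""

def parse_line(line):
    """Split one squid native-format access.log line into named fields."""
    f = line.split()
    if len(f) < 10:
        return None  # truncated or not in native format
    code, _, status = f[3].partition("/")
    try:
        return {"ts": float(f[0]), "client": f[2], "code": code,
                "status": status, "bytes": int(f[4]),
                "method": f[5], "url": f[6]}
    except ValueError:
        return None  # numeric fields did not parse

def is_local(addr):
    """True if addr is an IP inside LOCAL_NETS; hostnames count as non-local."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)

def external_clients(text):
    """Return {client: Counter of (method, url)} for clients outside LOCAL_NETS."""
    seen = defaultdict(Counter)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and not is_local(rec["client"]):
            seen[rec["client"]][(rec["method"], rec["url"])] += 1
    return dict(seen)

if __name__ == "__main__":
    for client, reqs in sorted(external_clients(SAMPLE).items()):
        for (method, url), n in reqs.most_common():
            print(f"{client:16} {n:3} {method:8} {url}")
```
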

