Network Attack on my Home PC. Is it related to Kelvin at SEC33, You be the judge...

From: masterpat_private
Date: Sat Jul 28 2001 - 12:58:57 PDT


    Over the last 24 hours my Windows 98 Home PC
    has been repeatedly scanned from a single IP
    address.  The IP address is registered to an IP Block
    that belongs to the brother of SEC33's Kelvin.   I
    wonder if they are looking for my family vacation
    pictures?  Maybe I am running the spider on my Win
    98 Box?  Maybe they are trying to break into my 98
    box to try and VPN back into my employer's
    network?   I am an employee of a company that
    Kelvin seems to have a large amount of hate for.  I
    am not sure what they are doing but I will contact
    their upstream provider on Monday and produce my
    logs.
    
    Kelvin is an ex-employee of the company that he is
    consistently spewing trash about and he has some
    very big personal problems.   The question is, why is
    he so mad at his former employer?  Why do any of
    the real security people on this web site listen and
    respond to his trash?  Why do they quote him in
    articles on this site?  He's a script kiddie that is mad
    at his ex employer.
    
    Here is a cut of the log for anyone who cares:
    
    FWIN,2001/07/28,12:06:22 -5:00 GMT,209.198.133.194:3007,66.68.168.38:876,TCP (flags:S)
    FWIN,2001/07/28,12:06:22 -5:00 GMT,209.198.133.194:3008,66.68.168.38:2020,TCP (flags:S)
    FWIN,2001/07/28,12:06:22 -5:00 GMT,209.198.133.194:3009,66.68.168.38:1433,TCP (flags:S)
    FWIN,2001/07/28,12:06:22 -5:00 GMT,209.198.133.194:3010,66.68.168.38:334,TCP (flags:S)
    FWIN,2001/07/28,12:06:22 -5:00 GMT,209.198.133.194:3011,66.68.168.38:241,TCP (flags:S)
    FWIN,2001/07/28,12:06:27 -5:00 GMT,209.198.133.194:3012,66.68.168.38:909,TCP (flags:S)
    FWIN,2001/07/28,12:06:27 -5:00 GMT,209.198.133.194:3013,66.68.168.38:406,TCP (flags:S)
    FWIN,2001/07/28,12:06:27 -5:00 GMT,209.198.133.194:3014,66.68.168.38:315,TCP (flags:S)
    FWIN,2001/07/28,12:06:27 -5:00 GMT,209.198.133.194:3015,66.68.168.38:2111,TCP (flags:S)
    FWIN,2001/07/28,12:06:27 -5:00 GMT,209.198.133.194:3016,66.68.168.38:5011,TCP (flags:S)
    FWIN,2001/07/28,12:06:27 -5:00 GMT,209.198.133.194:3017,66.68.168.38:828,TCP (flags:S)
    FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3018,66.68.168.38:1355,TCP (flags:S)
    FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3019,66.68.168.38:895,TCP (flags:S)
    FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3020,66.68.168.38:766,TCP (flags:S)
    FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3021,66.68.168.38:332,TCP (flags:S)
    FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3022,66.68.168.38:363,TCP (flags:S)
    FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3023,66.68.168.38:882,TCP (flags:S)
    FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3024,66.68.168.38:1537,TCP (flags:S)
    FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3025,66.68.168.38:1022,TCP (flags:S)
    FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3026,66.68.168.38:581,TCP (flags:S)
    FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3027,66.68.168.38:470,TCP (flags:S)
    FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3028,66.68.168.38:593,TCP (flags:S)
    
    
    P.S.  Loyal, remember this line:
    
    "The prosecution would like to enter into evidence
    logs from an employee's home pc"
    
    You will have a chance to hear it.
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Sun Jul 29 2001 - 09:27:17 PDT
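
The log excerpt in the message above shows many SYN-only packets from one source to different destination ports within a few seconds, which is how a port scan appears in a firewall log. The following added example (not part of the original post or the list archive) parses entries in that field layout, including mail-wrapped ones, and flags such sources; the function names, the thresholds and the sample data, which uses documentation addresses, are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Field layout as it appears in the post's log excerpt:
# FWIN,<date>,<time> <offset> GMT,<src>:<port>,<dst>:<port>,TCP (flags:<f>)
ENTRY = re.compile(
    r"FWIN,(\d{4}/\d\d/\d\d),(\d\d:\d\d:\d\d) \S+ GMT,"
    r"([\d.]+):\d+,([\d.]+):(\d+),TCP \(flags:(\w+)\)")

def parse(text):
    """Yield (time, src, dst, dst_port, flags), tolerating mail-wrapped entries."""
    flat = " ".join(text.split())  # undo hard wraps that fall on spaces
    for m in ENTRY.finditer(flat):
        date, clock, src, dst, dport, flags = m.groups()
        when = datetime.strptime(date + " " + clock, "%Y/%m/%d %H:%M:%S")
        yield when, src, dst, int(dport), flags

def find_scans(text, min_ports=5, window=timedelta(seconds=60)):
    """Map (src, dst) -> sorted ports for sources that sent bare SYNs to at
    least min_ports distinct ports within window (assumed thresholds)."""
    seen = defaultdict(list)
    for when, src, dst, dport, flags in parse(text):
        if flags == "S":  # SYN without ACK: a new inbound connection attempt
            seen[(src, dst)].append((when, dport))
    found = {}
    for pair, events in seen.items():
        events.sort()
        best, start = set(), 0
        for end, (when, _) in enumerate(events):
            while when - events[start][0] > window:
                start += 1  # slide the window forward
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            found[pair] = sorted(best)
    return found

# Constructed sample with documentation addresses; not data from the post.
PORTS = [876, 2020, 1433, 334, 241, 909]
# One source probing six ports in six seconds, wrapped across lines as in the post.
SAMPLE = "\n".join(
    f"FWIN,2001/07/28,12:06:{22 + i:02d} -5:00\nGMT,192.0.2.10:{3007 + i},"
    f"198.51.100.7:{p},TCP\n(flags:S)" for i, p in enumerate(PORTS))
# A second source touching five ports an hour apart: outside the window.
SAMPLE += "".join(
    f"\nFWIN,2001/07/28,{8 + i:02d}:00:00 -5:00 GMT,203.0.113.5:4000,"
    f"198.51.100.7:{p},TCP (flags:S)" for i, p in enumerate(PORTS[:5]))
```
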