Someone traceroute for me please
 

Hey,

im under all day TCP attack on port 1084 (NOT MSBlast) from 195.157.100.129. :mad: :mad: :mad:

can someone please find out as much as possible on this for me please. I can barely even load this page & browsing or FTP is well out of the question :mad:.

it may be some other virus, i'll give whoever it is the benfit of the doubt until i see the results etc.

thankyou in advance,

§talker

Heres the location of the attacker!!!
pop an email to the abuse address!!

Cheers

DJ


role: Netscalibur UK Hostmaster
address: Netscalibur UK Ltd
address: 9 Selsdon Way
address: Cityharbour
address: London E14 9GL
address: UK
phone: +44 (0)870 887 8800
fax-no: +44 (0)870 887 8867
e-mail: hostmaster@netscalibur.co.uk
admin-c: CSP3-RIPE
admin-c: SY131-RIPE
tech-c: NSUK1-RIPE
tech-c: NSUK3-RIPE
nic-hdl: NSUK2-RIPE
remarks: Hostmaster
remarks: ****
remarks: * All abuse reports to abuse@netscalibur.co.uk

tyvm The_real_dj, i'll give em a ring tommorow, always works better than abuse emails as they never get followed up :rolleyes:

§talk

How do you do a trace route

From a command prompt, type "tracert", followed by the address, such as:-

tracert www.nthellworld.co.uk
or
tracert 195.157.100.129

lmao...

http://195.157.100.129/

It's just a webserver... :D

both PC's turned off last night, router was being hit HARD till 3am. Either thats an infected webserver or.....i dunno! :(

seems ok now though, but it was so bad yesterday that i couldn't use the net well at all :(

§talk

Stalker do you still want a traceroute? I've done one if you want it.

Seb

i'll take anything you have Seb, this is looking very strange from my point of view :( , even more so after finding out its a webserver :confused:

§talk

Has anyone thought it could have been a Spoofed IP?


It isn't a IIS webserver though lol

Server nc3-0028.web.uk.netscalibur.com on port 80 is running:

Apache/1.3.20 Sun Cobalt (Unix) mod_jk mod_ssl/2.8.4 OpenSSL/0.9.6 PHP/4.0.6 FrontPage/5.0.2.2510 mod_perl/1.26

Other information returned by server...

Requested path: /
HTTP/1.1 302 Found
Date: Fri, 22 Aug 2003 10:15:08 GMT
Location: http://nc3-0028.web.uk.netscalibur.com/
Connection: close
Content-Type: text/html; charset=iso-8859-1

Server Response time: 0.839056 seconds

Stalker, have you called them ?

ive taken that into consideration but for a DOS attack, what would they hope to acheive apart from pi$*in me off :confused:

The IP resolves to netscalibur.co.uk/ which offers hosting services.

i personally dont think that a company would do anything like that as it reflects back on them, so something more sinister is looking more likely.

I think i'll leave it as long as it dosen't happen again :shrug:

§talk

bloody hell Lord Nikon

what did you use for that???!!!!!!:eek:

§talk

PS. no, i haven't called them, you think i should?

Port Authority Database

Port 1084

Name:
ansoft-lm-2

Purpose:
Anasoft License Manager


So, no idea what would be using that IP really.

Here you go

Seb