Someone traceroute for me please
21-08-2003, 21:52
#1
Inactive
Join Date: Aug 2003
Location: UK
Posts: 83
Hey,
I'm under all-day TCP attack on port 1084 (NOT MSBlast) from 195.157.100.129.
Can someone please find out as much as possible on this for me please. I can barely even load this page & browsing or FTP is well out of the question.
It may be some other virus, I'll give whoever it is the benefit of the doubt until I see the results etc.
Thank you in advance,
§talker

21-08-2003, 22:09
#2
Inactive
Join Date: Jun 2003
Location: Oldham
Age: 45
Services: 40 MB Sky BB with telephone and skyHD for TV :)
Posts: 320
Here's the location of the attacker!!!
Pop an email to the abuse address!!
Cheers
DJ
role: Netscalibur UK Hostmaster
address: Netscalibur UK Ltd
address: 9 Selsdon Way
address: Cityharbour
address: London E14 9GL
address: UK
phone: +44 (0)870 887 8800
fax-no: +44 (0)870 887 8867
e-mail: hostmaster@netscalibur.co.uk
admin-c: CSP3-RIPE
admin-c: SY131-RIPE
tech-c: NSUK1-RIPE
tech-c: NSUK3-RIPE
nic-hdl: NSUK2-RIPE
remarks: Hostmaster
remarks: ****
remarks: * All abuse reports to abuse@netscalibur.co.uk

21-08-2003, 22:26
#3
Inactive
Join Date: Aug 2003
Location: UK
Posts: 83
tyvm The_real_dj, I'll give 'em a ring tomorrow, always works better than abuse emails as they never get followed up
§talk

22-08-2003, 00:53
#4
Inactive
Join Date: Jul 2003
Location: Yorkshire
Posts: 162
How do you do a trace route?

22-08-2003, 03:03
#5
Guest
Location: East London (ex-C&W)
Services: XL broadband
ntl250 modem
Posts: n/a
Quote:
Originally posted by tomw
How do you do a trace route?
From a command prompt, type "tracert", followed by the address, such as:-
tracert www.nthellworld.co.uk
or
tracert 195.157.100.129

22-08-2003, 06:05
#6
Inactive
Join Date: Jun 2003
Location: Los Angeles, CA
Age: 46
Posts: 6,343
lmao...
http://195.157.100.129/
It's just a webserver...

22-08-2003, 11:12
#7
Inactive
Join Date: Aug 2003
Location: UK
Posts: 83
Both PCs turned off last night, router was being hit HARD till 3am. Either that's an infected webserver or.....I dunno!
Seems OK now though, but it was so bad yesterday that I couldn't use the net well at all
§talk

22-08-2003, 12:41
#8
Inactive
Join Date: Jun 2003
Location: Cambs
Posts: 147
Stalker do you still want a traceroute? I've done one if you want it.
Seb

22-08-2003, 12:52
#9
Inactive
Join Date: Aug 2003
Location: UK
Posts: 83
I'll take anything you have Seb, this is looking very strange from my point of view, even more so after finding out it's a webserver
§talk

22-08-2003, 12:54
#10
Inactive
Join Date: Jun 2003
Location: NW UK
Posts: 3,546
Has anyone thought it could have been a Spoofed IP?
It isn't an IIS webserver though lol
Server nc3-0028.web.uk.netscalibur.com on port 80 is running:
Apache/1.3.20 Sun Cobalt (Unix) mod_jk mod_ssl/2.8.4 OpenSSL/0.9.6 PHP/4.0.6 FrontPage/5.0.2.2510 mod_perl/1.26
Other information returned by server...
Requested path: /
HTTP/1.1 302 Found
Date: Fri, 22 Aug 2003 10:15:08 GMT
Location: http://nc3-0028.web.uk.netscalibur.com/
Connection: close
Content-Type: text/html; charset=iso-8859-1
Server Response time: 0.839056 seconds

22-08-2003, 12:58
#11
Inactive
Join Date: Jun 2003
Location: Surrey
Age: 59
Services: Virgin stuff
Posts: 6,407
Stalker, have you called them?

22-08-2003, 13:00
#12
Inactive
Join Date: Aug 2003
Location: UK
Posts: 83
I've taken that into consideration, but for a DoS attack, what would they hope to achieve apart from pi$*in me off?
The IP resolves to netscalibur.co.uk/ which offers hosting services.
I personally don't think that a company would do anything like that as it reflects back on them, so something more sinister is looking more likely.
I think I'll leave it as long as it doesn't happen again
§talk

22-08-2003, 13:01
#13
Inactive
Join Date: Aug 2003
Location: UK
Posts: 83
Bloody hell Lord Nikon
What did you use for that???!!!!!!
§talk
PS. No, I haven't called them, you think I should?

22-08-2003, 13:02
#14
Inactive
Join Date: Jun 2003
Location: NW UK
Posts: 3,546
Port Authority Database
Port 1084
Name: ansoft-lm-2
Purpose: Anasoft License Manager
So, no idea what would be using that IP really.

22-08-2003, 13:02
#15
Inactive
Join Date: Jun 2003
Location: Cambs
Posts: 147
Here you go
Quote:
Tracing route to nc3-0028.web.uk.netscalibur.com [195.157.100.129]
over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms 192.168.0.1
2 10 ms 10 ms 10 ms 10.132.39.254
3 <10 ms 10 ms 10 ms cmbg-t2cam1-b-ge95.inet.ntl.com [80.1.202.161]
4 <10 ms 11 ms <10 ms cmbg-t2core-b-ge-wan61.inet.ntl.com [80.1.201.153]
5 10 ms 10 ms 10 ms nth-bb-b-so-210-0.inet.ntl.com [62.253.188.197]
6 10 ms 10 ms 21 ms nth-bb-a-ae0-0.inet.ntl.com [62.253.185.117]
7 10 ms 20 ms 20 ms gfd-bb-b-so-400-0.inet.ntl.com [62.253.185.98]
8 20 ms 10 ms 10 ms tele-ic-2-so-100-0.inet.ntl.com [62.253.185.74]
9 10 ms 40 ms 20 ms linx-gw2.uk.netscalibur.net [195.66.226.47]
10 10 ms 20 ms 30 ms g2-1.br1.th.rtr.uk.netscalibur.net [195.157.6.225]
11 10 ms 20 ms 40 ms g1-1.dist1.th.rtr.uk.netscalibur.net [195.157.6.178]
12 10 ms 20 ms 20 ms 511.cr11.th.rtr.uk.netscalibur.net [195.157.7.98]
13 10 ms 20 ms 10 ms nc3-0028.web.uk.netscalibur.com [195.157.100.129]
Trace complete.
Seb
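
Reading a trace like the one posted above: an added example (not part of the thread) that parses Windows tracert output and marks the hops where the path moves from one network to another. The owner label is a naive last-two-labels guess from the reverse-DNS name, which is an assumption and no substitute for a whois lookup; the function names are hypothetical.

```python
import ipaddress
import re

# Excerpt of the trace posted above (Windows tracert output).
SAMPLE = """\
Tracing route to nc3-0028.web.uk.netscalibur.com [195.157.100.129]
1 <10 ms <10 ms <10 ms 192.168.0.1
2 10 ms 10 ms 10 ms 10.132.39.254
3 <10 ms 10 ms 10 ms cmbg-t2cam1-b-ge95.inet.ntl.com [80.1.202.161]
9 10 ms 40 ms 20 ms linx-gw2.uk.netscalibur.net [195.66.226.47]
12 10 ms 20 ms 20 ms 511.cr11.th.rtr.uk.netscalibur.net [195.157.7.98]
13 10 ms 20 ms 10 ms nc3-0028.web.uk.netscalibur.com [195.157.100.129]
Trace complete.
"""

HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")
ADDR = re.compile(r"^(?:(\S+) \[([\d.]+)\]|([\d.]+))$")

def parse_tracert(text):
    """One dict per hop: number, RTTs in ms (None = no reply), host, ip."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # header or footer line
        # "<10 ms" is an upper bound; it is recorded here as 10.
        rtts = [None if p == "*" else int(p.lstrip("<"))
                for p in re.findall(r"<?\d+(?= ms)|\*", m.group(2))]
        a = ADDR.match(m.group(3))  # no match on "Request timed out."
        host, ip = (a.group(1), a.group(2) or a.group(3)) if a else (None, None)
        hops.append({"hop": int(m.group(1)), "rtts": rtts, "host": host, "ip": ip})
    return hops

def network_of(hop):
    """Coarse owner label from reverse DNS (assumption: last two labels)."""
    if hop["host"]:
        return ".".join(hop["host"].split(".")[-2:])
    if hop["ip"] and ipaddress.ip_address(hop["ip"]).is_private:
        return "private"
    return "unknown"

def handoffs(hops):
    """(hop number, previous label, new label) wherever the label changes."""
    out, prev = [], None
    for h in (h for h in hops if h["ip"]):  # skip hops that never replied
        net = network_of(h)
        if prev not in (None, net):
            out.append((h["hop"], prev, net))
        prev = net
    return out
```

A trace shows the forward path to an address; it does not confirm that packets carrying that source address actually came from it.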