[ale] OT: windows box hacked?
JB Wells
jbwellsiv at yahoo.com
Tue Jan 16 01:49:35 EST 2001
Guys,
Sorry to post an off topic...particularly regarding
Windows, but I'd trust your opinions more than anyone
else. On my home development network, I have a few
machines, one of which is a Windows 98 machine.
Tonight, I had been connected to a dialup through a
PPP connection and was preparing to shut down. When I
started to close the connection, I received "There are
(1) users connected to your computer. Continuing will
disconnect . . ." etc, etc. So, not being a
networking expert (especially not in Windows) but
knowing enough to be dangerous, I did a 'netstat -a'
from a DOS prompt and received the following:
------------------------------------------------
Proto  Local Address             Foreign Address                        State
TCP    margaritaville:1028       MARGARITAVILLE:0                       LISTENING
TCP    margaritaville:7700       MARGARITAVILLE:0                       LISTENING
TCP    margaritaville:1618       MARGARITAVILLE:0                       LISTENING
TCP    margaritaville:135        MARGARITAVILLE:0                       LISTENING
TCP    margaritaville:3306       MARGARITAVILLE:0                       LISTENING
TCP    margaritaville:1025       MARGARITAVILLE:0                       LISTENING
TCP    margaritaville:1028       localhost:3306                         ESTABLISHED
TCP    margaritaville:3306       localhost:1028                         ESTABLISHED
TCP    margaritaville:137        MARGARITAVILLE:0                       LISTENING
TCP    margaritaville:138        MARGARITAVILLE:0                       LISTENING
TCP    margaritaville:nbsession  MARGARITAVILLE:0                       LISTENING
TCP    margaritaville:1843       www.networksolutions.com:80            TIME_WAIT
TCP    margaritaville:1855       208.184.29.50.doubleclick.net:80       TIME_WAIT
TCP    margaritaville:137        MARGARITAVILLE:0                       LISTENING
TCP    margaritaville:138        MARGARITAVILLE:0                       LISTENING
TCP    margaritaville:nbsession  MARGARITAVILLE:0                       LISTENING
TCP    margaritaville:nbsession  210-54-199-142.dialup.xtra.co.nz:2784  ESTABLISHED
UDP    margaritaville:nbname     *:*
UDP    margaritaville:nbdatagram *:*
UDP    margaritaville:nbname     *:*
UDP    margaritaville:nbdatagram *:*
---------------------------------------------------
margaritaville, as I'm sure you can guess, is my
machine name. What caught my eye was this connection
from New Zealand, 210-54-199-142.dialup.xtra.co.nz.
I looked around on the web and seemed to find a
general consensus that nbsession is a NETBIOS thing,
so I'm assuming someone out there had somehow opened a
Windows networking connection to my machine.
Does anyone on this list know of any logs that exist
for NETBIOS? I'm not particularly worried about
anyone gaining access to the info on this machine (I
mainly use it to see how web pages will look across
platforms) but would be interested in seeing what this
individual was up to.
Thanks in advance, and please accept my apology for
the Win post.
JB
=====
--------------------------
John B. Wells IV
Application Developer
Acterna
6100 Lake Forrest Drive
Atlanta, GA 30328
404.531.8938
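
Added example, not part of the original post: one way to pick the kind of connection described above out of `netstat -a` output, by flagging ESTABLISHED sessions from non-local hosts to the local NetBIOS ports. The sample input is constructed with placeholder host names, and the function names are assumptions of this example; the parser works on whitespace tokens so that rows wrapped by a mail client still parse.

```python
# Added example: flag ESTABLISHED sessions from remote hosts to local NetBIOS ports.
# Constructed sample in the `netstat -a` layout from the post; host names are
# placeholders, and the last TCP row is deliberately wrapped as a mail client would.
SAMPLE = """\
Proto  Local Address      Foreign Address      State
TCP    winbox:135         WINBOX:0             LISTENING
TCP    winbox:nbsession   WINBOX:0             LISTENING
TCP    winbox:3306        localhost:1028       ESTABLISHED
TCP    winbox:1843        www.example.com:80   TIME_WAIT
TCP    winbox:nbsession
host-a.dialup.example.net:2784 ESTABLISHED
UDP    winbox:nbname      *:*
"""

# NetBIOS-over-TCP/IP services, by the names netstat prints and by port number.
NETBIOS = {"nbname": 137, "137": 137, "nbdatagram": 138, "138": 138,
           "nbsession": 139, "139": 139}


def parse_netstat(text):
    """Return (proto, local_host, local_port, remote_host, remote_port, state) rows."""
    tok = text.split()
    rows = []
    for i, t in enumerate(tok):
        if t not in ("TCP", "UDP") or i + 2 >= len(tok):
            continue
        local, remote = tok[i + 1], tok[i + 2]
        # Only TCP rows carry a state column; UDP rows end after the addresses.
        state = tok[i + 3] if t == "TCP" and i + 3 < len(tok) else ""
        lhost, _, lport = local.rpartition(":")
        rhost, _, rport = remote.rpartition(":")
        rows.append((t, lhost.lower(), lport.lower(), rhost.lower(), rport, state))
    return rows


def remote_netbios_sessions(text, local_names=("localhost", "127.0.0.1")):
    """List (netbios_port, remote_host, remote_port) for sessions from other hosts."""
    hits = []
    for _proto, lhost, lport, rhost, rport, state in parse_netstat(text):
        local = {n.lower() for n in local_names} | {lhost}
        if state == "ESTABLISHED" and lport in NETBIOS and rhost not in local:
            hits.append((NETBIOS[lport], rhost, rport))
    return hits


if __name__ == "__main__":
    for port, host, rport in remote_netbios_sessions(SAMPLE):
        print(f"remote host {host}:{rport} has a session on local port {port}")
```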