#1
Windows Exploit Faked Update Connection Attempt.
Hello,
Getting connection attempts from someone pretending to be a Microsoft update.
- Bright minds wasted on hacking.

Here is my connection log.

File Version : 5.1.2600.0 (xpclient.010817-1148)
File Description : Generic Host Process for Win32 Services (svchost.exe)
File Path : C:\WINDOWS\system32\svchost.exe
Process ID : 0x5A4 (Heximal) 1444 (Decimal)

Connection origin : remote initiated
Protocol : UDP
Local Address : 24.30.191.253
Local Port : 1029
Remote Name :
Remote Address : 206.255.15.20
Remote Port : 12576

Ethernet packet details:
Ethernet II (Packet Length: 851)
    Destination: 00-40-2b-70-9f-db
    Source: 00-03-6c-4a-18-a8
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header Length: 20 bytes
    Flags:
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset:0
    Time to live: 112
    Protocol: 0x11 (UDP - User Datagram Protocol)
    Header checksum: 0xa349 (Correct)
    Source: 206.255.15.20
    Destination: 24.30.191.253
User Datagram Protocol
    Source port: 12576
    Destination port: 1029
    Length: 8
    Checksum: 0x0 (Correct)
Data (817 Bytes)

Binary dump of the packet:
#2
Windows Exploit Faked Update Connection Attempt.
Make sure your firewall is enabled. You cannot prevent a hacker from attempting to connect to your computer, but your firewall can prevent the connection from actually occurring. If you are using a third-party firewall program, then you need to disable Windows XP's firewall.

HOW TO: Enable or Disable Internet Connection Firewall in Windows XP
http://support.microsoft.com/default...&Product=winxp

Special note if you use AOL: America Online installs its own connection settings that override the ones that come with Windows XP. America Online's connection settings don't include a way to turn on Windows XP's built-in firewall. Visit the following web site for instructions on downloading a FREE firewall program for your computer.
Ref: http://www.updatexp.com/free.html

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

--------------------------------------------------------------------------

"willisharps" wrote in message: ...
| Hello,
|
| Getting connection attempts from someone pretending to be a Microsoft update.
| - Bright minds wasted on hacking.
|
| Here is my connection log.
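What the reply describes, as an added sketch that is not part of the original thread or any firewall product's code: a stateful filter drops a UDP datagram that arrives without a matching outbound flow, which is the case for the "remote initiated" packet in the log. The class name, the 60-second idle timeout and the resolver address 192.0.2.53 are assumptions made for the example.

```python
from dataclasses import dataclass

UDP_IDLE_TIMEOUT = 60.0  # seconds; assumed value for this sketch


@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulUdpFilter:
    """Default-deny inbound UDP; allow only replies to recent outbound flows."""

    def __init__(self, idle_timeout=UDP_IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.flows = {}  # (local_port, remote_ip, remote_port) -> last-seen time

    def outbound(self, pkt, now):
        # Outbound traffic is permitted and creates or refreshes flow state.
        self.flows[(pkt.src_port, pkt.dst_ip, pkt.dst_port)] = now
        return "ALLOW"

    def inbound(self, pkt, now):
        key = (pkt.dst_port, pkt.src_ip, pkt.src_port)
        seen = self.flows.get(key)
        if seen is None or now - seen > self.idle_timeout:
            self.flows.pop(key, None)  # expire stale state, if any
            return "DROP"              # remote initiated: no matching flow
        self.flows[key] = now
        return "ALLOW"


def demo():
    fw = StatefulUdpFilter()
    # The datagram from the connection log: remote initiated, UDP 12576 -> 1029.
    popup = Datagram("206.255.15.20", 12576, "24.30.191.253", 1029)
    # Constructed traffic: the host queries a resolver and receives the reply.
    query = Datagram("24.30.191.253", 1030, "192.0.2.53", 53)
    reply = Datagram("192.0.2.53", 53, "24.30.191.253", 1030)
    return [
        fw.inbound(popup, now=0.0),
        fw.outbound(query, now=1.0),
        fw.inbound(reply, now=1.2),
        fw.inbound(reply, now=120.0),  # same tuple after the flow idled out
        fw.inbound(popup, now=121.0),
    ]
```

The logged datagram is dropped both times because the host never sent anything to 206.255.15.20:12576, while the resolver's reply passes only while its flow entry is fresh.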