Port 80?

Michael Lauzon mlauzon-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Jun 23 21:55:16 UTC 2009


On Tue, Jun 23, 2009 at 17:41, cameron lord<trieocorp-PkbjNfxxIARBDgjK7y7TUQ at public.gmane.org> wrote:
> I already did, it still says Apache, I hooked up my WinXP laptop (sucks) to
> my switch's listen port, I have an intrusion problem o.O I found that when I
> run Wireshark I see TONNNS of data coming from my networked storage unit
> to, 99.243.63.182(AXCellsecure.trieocorp.e6a2ffi6ad.xxx.xxx.xxx.xxx) which
> is fine, it's my ISP assigned IP address, but when I look at the same addr
> on the computer it was given to, I have no traffic, and the data only flows
> when the computer at my location is off. Also when I listen on my
> Firebox WatchGuard I see no traffic except for pings and DHCP ack, and my
> VNC server, someone is bypassing one of the most advanced hardware firewalls
> ever! The data I found coming out of my cable modem is all going to
> 125.16.27.50, and then is being served to xxx.xxx.xxx.xxx, which isn't very
> helpful at all. So far they've downloaded 2.5 TB of my data and I can't stop
> them, I need to have my server online at all times!
>
>
> cameron lord; Axcellsecure
>

It appears that you're being hacked by someone in Hyderabad, India:

Hostname: 125.16.27.50
ISP: Bharti Broadband
Organization: PROKARMA SOFTECH PVT LTD
Proxy: None detected
Type: Cable/DSL

Of course, they may be using that ISP's servers to route to your
server, so they could be anywhere.

-- 
Sincerely,

Michael Lauzon
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists




