網技版工友.. | -_-" 幹嘛啊, 一直駭..? 大大救郎哦~ 這幾天一直有人要在我的server植入木馬, 搞得我不勝其擾! 照以前的經驗, 就算用了LockDown2K來做Firewall, 被攻破也只不過是時間的問題.. 請問各位大大, 有辦法能夠制止這X的行為嗎?? 以下是8月4日的log檔, 底線是自己的IP, 隱藏起來.. =========================================================================== ** LockDown 2000 v7.0.0.6 - 星期六, 八月 4, 2001 - 10:08 PM 台北標準時間 ** :: Trojan network connectivity check enabled. :: Auto Trojan scan is activated. :: Nuke protection enabled. :: ICQ Nuke protection enabled. [2001/8/4 下午 10:09:12] System Area Change - Windows Directory - Rescanning [2001/8/4 下午 10:09:42] Scan Complete. [2001/8/4 下午 10:12:13] Incoming hack attempt from IP Address: 211.21.89.146 [2001/8/4 下午 10:12:13] Hacker is attempting to gain access using the Netbus trojan on port 12345. [2001/8/4 下午 10:12:13] Hacker's connection was terminated by Lockdown 2000. [2001/8/4 下午 10:12:13] Log auto-saved to: 08042001.LOG [2001/8/4 下午 10:12:27] Attempting to trace hacker's connection... Some traces may take a few minutes. [2001/8/4 下午 10:12:27] =[Trace Route]============================= 1 <10 ms <10 ms <10 ms 211.21.__.__ 2 60 ms 100 ms 121 ms 10.21.89.254 3 330 ms 1252 ms 881 ms 211.21.89.145 4 110 ms 1141 ms 621 ms 211.21.89.146 [= Trace Route Complete =] [2001/8/4 下午 10:12:28] Incoming hack attempt from IP Address: 211.21.89.146 [2001/8/4 下午 10:12:28] Hacker is attempting to gain access using the BackOrifice 2000 trojan on port 54320. [2001/8/4 下午 10:12:28] Hacker's connection was terminated by Lockdown 2000. [2001/8/4 下午 10:12:28] Log auto-saved to: 08042001.LOG [2001/8/4 下午 10:12:42] Attempting to trace hacker's connection... Some traces may take a few minutes. [2001/8/4 下午 10:12:42] =[Trace Route]============================= 1 <10 ms <10 ms <10 ms 211.21.__.__ 2 50 ms 70 ms 70 ms 10.21.89.254 3 100 ms 100 ms 100 ms 211.21.89.145 4 171 ms * 420 ms 211.21.89.146 [= Trace Route Complete =] [2001/8/4 下午 10:32:39] Incoming hack attempt from IP Address: 212.83.119.105 [2001/8/4 下午 10:32:39] Hacker is attempting to gain access using the Netbus trojan on port 12345. [2001/8/4 下午 10:32:39] Hacker's connection was terminated by Lockdown 2000. [2001/8/4 下午 10:32:39] Log auto-saved to: 08042001.LOG [2001/8/4 下午 10:33:25] Attempting to trace hacker's connection... Some traces may take a few minutes. [2001/8/4 下午 10:33:25] =[Trace Route]============================= 1 <10 ms <10 ms <10 ms 211.21.__.__ 2 61 ms 60 ms 60 ms 10.21.89.254 3 50 ms 60 ms 60 ms 168.95.84.122 4 50 ms 50 ms 50 ms 211.22.36.2 5 50 ms 50 ms 61 ms 168.95.207.26 6 50 ms 50 ms 50 ms 211.22.33.131 7 200 ms 200 ms 200 ms 202.39.91.1 8 210 ms 200 ms 210 ms 157.130.197.97 9 200 ms 200 ms 200 ms 152.63.53.14 10 200 ms 210 ms 200 ms 152.63.49.210 11 200 ms 210 ms 201 ms 152.63.50.189 12 200 ms 210 ms 201 ms 205.171.4.97 13 200 ms 210 ms 201 ms 205.171.22.118 14 200 ms 210 ms 211 ms 205.171.5.123 15 270 ms 271 ms 270 ms 205.171.5.113 16 260 ms 271 ms 260 ms 205.171.30.14 17 261 ms 270 ms 270 ms 205.171.30.142 18 351 ms 360 ms 361 ms 134.222.231.73 19 360 ms 351 ms 350 ms 134.222.230.110 20 371 ms 380 ms 391 ms 134.222.230.150 21 380 ms 391 ms 391 ms 134.222.119.233 22 381 ms 391 ms 380 ms 212.226.242.106 23 381 ms 390 ms 391 ms 212.226.242.98 24 390 ms 401 ms 400 ms 193.65.231.90 25 391 ms 400 ms 401 ms 212.83.96.169 26 400 ms 401 ms 400 ms 212.83.119.2 27 531 ms 511 ms 511 ms 212.83.119.105 [= Trace Route Complete =] [2001/8/4 下午 10:34:33] Incoming hack attempt from IP Address: 212.83.119.105 [2001/8/4 下午 10:34:33] Hacker is attempting to gain access using the Netbus trojan on port 12345. [2001/8/4 下午 10:34:33] Hacker's connection was terminated by Lockdown 2000. [2001/8/4 下午 10:34:33] Log auto-saved to: 08042001.LOG [2001/8/4 下午 10:35:18] Attempting to trace hacker's connection... Some traces may take a few minutes. [2001/8/4 下午 10:35:18] =[Trace Route]============================= 1 <10 ms <10 ms <10 ms 211.21.__.__ 2 50 ms 61 ms 70 ms 10.21.89.254 3 50 ms 50 ms 50 ms 168.95.84.122 4 50 ms 60 ms 60 ms 211.22.36.2 5 50 ms 60 ms 50 ms 168.95.207.26 6 50 ms 60 ms 60 ms 211.22.33.131 7 201 ms 200 ms 200 ms 202.39.91.1 8 201 ms 200 ms 210 ms 157.130.197.97 9 201 ms 210 ms 200 ms 152.63.53.14 10 201 ms 210 ms 200 ms 152.63.49.210 11 201 ms 200 ms 200 ms 152.63.50.189 12 210 ms 210 ms 200 ms 205.171.4.97 13 200 ms 210 ms 210 ms 205.171.22.118 14 200 ms 200 ms 211 ms 205.171.5.123 15 270 ms 270 ms 271 ms 205.171.5.113 16 260 ms 271 ms 280 ms 205.171.30.14 17 260 ms 271 ms 270 ms 205.171.30.142 18 351 ms 360 ms 361 ms 134.222.231.73 19 360 ms 351 ms 370 ms 134.222.230.110 20 381 ms 380 ms 381 ms 134.222.230.150 21 380 ms 391 ms 380 ms 134.222.119.233 22 381 ms 390 ms 391 ms 212.226.242.106 23 380 ms 391 ms 381 ms 212.226.242.98 24 391 ms 401 ms 390 ms 193.65.231.90 25 401 ms 390 ms 401 ms 212.83.96.169 26 400 ms 411 ms 400 ms 212.83.119.2 27 491 ms 521 ms 510 ms 212.83.119.105 [= Trace Route Complete =] [2001/8/4 下午 10:39:39] Incoming hack attempt from IP Address: 212.83.119.105 [2001/8/4 下午 10:39:39] Hacker is attempting to gain access using the Netbus trojan on port 12345. [2001/8/4 下午 10:39:39] Hacker's connection was terminated by Lockdown 2000. [2001/8/4 下午 10:39:39] Log auto-saved to: 08042001.LOG [2001/8/4 下午 10:40:24] Attempting to trace hacker's connection... Some traces may take a few minutes. [2001/8/4 下午 10:40:24] =[Trace Route]============================= 1 <10 ms <10 ms <10 ms 211.21.__.__ 2 60 ms 70 ms 60 ms 10.21.89.254 3 50 ms 60 ms 50 ms 168.95.84.122 4 50 ms 60 ms 50 ms 211.22.36.2 5 50 ms 60 ms 60 ms 168.95.207.26 6 51 ms 50 ms 60 ms 211.22.33.131 7 200 ms 201 ms 200 ms 202.39.91.1 8 210 ms 201 ms 210 ms 157.130.197.97 9 200 ms 211 ms 200 ms 152.63.53.14 10 200 ms 201 ms 200 ms 152.63.49.210 11 200 ms 201 ms 200 ms 152.63.50.189 12 200 ms 201 ms 210 ms 205.171.4.97 13 200 ms 211 ms 200 ms 205.171.22.118 14 201 ms 210 ms 200 ms 205.171.5.123 15 271 ms 270 ms 270 ms 205.171.5.113 16 260 ms 270 ms 261 ms 205.171.30.14 17 260 ms 271 ms 270 ms 205.171.30.142 18 350 ms 361 ms 360 ms 134.222.231.73 19 351 ms 360 ms 371 ms 134.222.230.110 20 370 ms 381 ms 380 ms 134.222.230.150 21 381 ms 380 ms 391 ms 134.222.119.233 22 380 ms 391 ms 391 ms 212.226.242.106 23 381 ms 391 ms 390 ms 212.226.242.98 24 391 ms 400 ms 391 ms 193.65.231.90 25 390 ms 401 ms 400 ms 212.83.96.169 26 401 ms 400 ms 401 ms 212.83.119.2 27 621 ms 540 ms 511 ms 212.83.119.105 =========================================================================== ![]() |
回覆 |
會員 ![]() | Re: -_-" 幹嘛啊, 一直駭..? 用netstat -a看一下你有開port 12345嗎 如果有,趕快用Ctrl+Alt+Del檢視目前的程式狀況 將來路不明的程式刪除吧...(使用The Cleaner軟體也可以) 如果沒有開port 12345 那就只是對方在try而已,不是真的入侵... 不用太緊張...^^ |
回覆 |
網技版工友.. | |
回覆 |
會員 ![]() | 引用:
趕快檢查是那支程式做怪吧... 祝好運~~ | |
回覆 |
網技版工友.. | 後續報告 後來安裝了Cleaner3, 讓它去掃硬碟看看, 結果 - 果然有一隻大陸來的王八蛋.把它delete掉. 後續再看看.. ![]() |
回覆 |
悄悄地愛上死亡 ![]() | 我的好像也中標了 ![]() |
回覆 |
會員 ![]() | 我也是用BlackICE,情況跟iget的差不多! 但以Cleaner3掃瞄,也沒發現什麼可疑的程式, 且以手工的方法檢查,也沒發現,又用NAV檢查, 也沒問題,我想這個情況應該不是中標! |
回覆 |
會員 ![]() | 引用:
所以才會拼命scan port 80 | |
回覆 |
|
![]() | ||||
主題 | 主題作者 | 討論版 | 回覆 | 最後發表 |
全台獨家首發華碩M4A78-E"絕張自摸"+酷媽REALPOWER PRO400W"獨聽銅牌"=我的"第一台" | auvistar | -- 電 腦 硬 體 討 論 版 | 7 | 2009-09-06 01:52 AM |
【閒聊】還有人記得"飛越比佛利"、"歡樂一家親"、"天才褓母"、"黃金女 | Van | -- 閒 話 家 常 灌 水 版 | 4 | 2004-01-09 09:36 AM |
"醫師"比較容易罹患"精神方面疾病"以及"豬頭"和"獅頭"這兩種毒品 | kuku0210 | -- 閒 話 家 常 灌 水 版 | 0 | 2001-12-30 04:49 PM |
有人會使用"非特殊機","只"使用CloneCD3.2.1.1備份出"三國志8"嗎? | kimdahk | -- 光 碟 燒 錄 討 論 版 | 2 | 2001-11-21 01:33 AM |
XML | RSS 2.0 | RSS |
本論壇所有文章僅代表留言者個人意見,並不代表本站之立場,討論區以「即時留言」方式運作,故無法完全監察所有即時留言,若您發現文章可能有異議,請 email :[email protected] 處理。