Repeated attempts to gain access to my comp
i run a small LAN that has public ip's on the different computers. i have set up the security precautions to log all attempts to gain access to my computer by an outside internet based source.
the issue (not really a problem at this juncture) is that there is one source in particular that has been repeatedly making access attempts. ARIN has given me the name and source of the various ip's making these attempts. just for argument's sake, the source is
Information Sciences Institute
University of Southern California
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6695
i have made calls to this organization as to the nature of their attempts, and have had to leave voicemails for a guy named "Bill". as of yet there have been no responses from him.
is there a way to make this sort of thing stop (one or two attempts are normal, i'm sure due to the existence of "web crawlers" and such, but i think over the past week alone i have logged about 50 different instances for the above mentioned source. that makes me a little nervous. they are making attempts using a variety of ip addresses, protocols and ports). i have asked "Bill" in my voicemails to cease, but i would like to also know what their intent is as well.
any input from anyone?
[This message has been edited by smaier69 (edited 08-10-2000).]
okay, i have an update to my above post.
Bill called me back (a nice guy, by the way), and he said they work with ARIN on some level dealing with internet number allocations. he was very honest and forthcoming, and i feel kind of guilty about assuming he/his company was up to no good.
at any rate, we both came to the tentative conclusion that it is probably a hacker who is spoofing his ip address (bill told me they don't have or use the ip's that i have logged). i guess the next step is to contact my isp, since they are doing the routing. i will post any updates/information i get.
any other suggestions/insight is also appreciated
I have that same problem too smaier69. They are doing it right now to get into my computer.
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 10.0.0.0 - 10.255.255.255
CIDR: 10.0.0.0/8
NetName: RESERVED-10
NetHandle: NET-10-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for spec
Their phone number is 310-823-9358. Can someone call in the US as I am in Sydney. My McAfee tracer says the areas of locations are New York, Mexico Ciudad De, Santa Fe De Bogota, Lima, Sao Paulo, Moskva, Istanbul, Bombay, Seoul, Manila and Jakarta.
Rosanna
- mnosteele52
- Posts: 11913
- Joined: Tue Jul 24, 2001 12:00 pm
- Location: Chesapeake, VA
This threat is old but is active...
i could be many years old but i'm still getting attacks from that source.... i don't know what the hell they're trying to do but it's continuous..... here's the info below......
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate: 1994-03-15
Updated: 2002-09-16
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
Old thread, I know, but I too am getting this, but it is being detected as "Zune Bus Enumerator". I just installed my new Zune software so I figured it was an update for the software or something, but I'm getting a message literally every 2-5 minutes saying it has been blocked. Which is pretty scary if you ask me.
Here is the backtrace from my firewall:
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate: 1994-03-15
Updated: 2002-09-16
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
Any information on this would be helpful.
-
- Member
- Posts: 31
- Joined: Mon Jan 07, 2008 2:26 pm
The 192.168.0.0/16 is reserved for private networks. A good example of a private network is one, two, three or more home computers connected to DSL or Cable through a cheap router.
While it is remotely possible that someone from outside is attempting to access your internal network on this IP range (or the 10. previously mentioned) it is more likely that the activity in question is taking place from within your network.
The fact that you are seeing internal traffic on this network range is not usually something worthy of sounding an alarm and jumping to conclusions. There are perfectly safe and normal reasons for seeing traffic related to an internal/private IP range.
While this traffic is generally safe it often causes alerts on certain software firewalls or other security suites. The problem is often related to the fact that these software products are not meant to be used and understood by your average user.
The likelihood of the alert responding to something malicious is plausible but unlikely. I would suggest running a good antivirus program with up to date virus definitions and monitor your port traffic to see which ports are actively listening.
Start by running some netstat commands.
Good luck.
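The distinction drawn in the reply above, as an added example that is not part of the original thread: a Python sketch that sorts the source addresses in a firewall log into local, other non-public, and external, since a whois lookup on an RFC 1918 address always returns the same IANA registry record and identifies no sender. The log format, the `192.168.0.0/24` LAN and the function names are assumptions; the sample addresses are ones quoted elsewhere in this thread.

```python
import ipaddress
import re

# RFC 1918 private blocks: the three ranges whose whois records are pasted in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: the home LAN behind the router is 192.168.0.0/24.
LAN = ipaddress.ip_network("192.168.0.0/24")

# Constructed log in a made-up format (timestamps invented for the example).
SAMPLE_LOG = """\
2010-04-23 20:01:07 BLOCK UDP 192.168.0.2:138 -> 192.168.0.255:138
2010-04-23 20:01:09 BLOCK TCP 10.7.168.31:4021 -> 192.168.0.2:445
2010-04-23 20:02:11 BLOCK UDP 172.17.8.61:137 -> 192.168.0.2:137
2010-04-23 20:03:30 BLOCK UDP 85.12.57.87:137 -> 192.168.0.2:137
2010-04-23 20:04:02 BLOCK TCP 127.0.0.1:2280 -> 127.0.0.1:7024
"""

LINE_RE = re.compile(
    r"^(\S+ \S+) (\w+) (\w+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")


def classify(addr, local_net=LAN):
    """Return the address class that decides whether whois can say anything."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_multicast:
        return "multicast"
    if ip.is_link_local:
        return "link-local"
    if ip == local_net.broadcast_address or str(ip) == "255.255.255.255":
        return "broadcast"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    # Anything else that is not globally routable is another special-use block.
    return "public" if ip.is_global else "special-use"


def verdict(src, local_net=LAN):
    """local: look on your own machine or LAN; non-public: whois cannot name
    an owner; external: the whois record describes the real address holder."""
    kind = classify(src, local_net)
    if kind == "public":
        return "external"
    if kind == "loopback" or ipaddress.ip_address(src) in local_net:
        return "local"
    return "non-public"


def triage_log(text, local_net=LAN):
    """Parse each log line and attach classes and a verdict for the source."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _, action, proto, src, sport, dst, dport = m.groups()
        rows.append({
            "proto": proto, "src": src, "dst": dst, "dport": int(dport),
            "src_class": classify(src, local_net),
            "dst_class": classify(dst, local_net),
            "verdict": verdict(src, local_net),
        })
    return rows


if __name__ == "__main__":
    for row in triage_log(SAMPLE_LOG):
        print("{src:>15} -> {dst:<15} port {dport:<5} "
              "{src_class:<9} {verdict}".format(**row))
```

The first sample line is the NetBIOS datagram broadcast from `192.168.0.2` to `192.168.0.255` on port 138: the machine's own outbound traffic to its subnet, which the whois lookup attributes to IANA only because the whole block is registered there.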
Tad bit condescending and imo misleading.
Tech Manager wrote:
While this traffic is generally safe it often causes alerts on certain software firewalls or other security suites. The problem is often related to the fact that these software products are not meant to be used and understood by your average user.
The likelihood of the alert responding to something malicious is plausible but unlikely.
OSULLY
___________________________________________
Actual Malicious Activity
Just a note... Today, my roommate's Internet Gaming League account was hacked and all user accounts in his league were deleted. When the site's tech support was consulted, he was given this IP: 10.7.168.31... Which yielded the same whois info as noted above.
Heh, eight years old and gone from hacking to scamming
Bloody obvious scam off a craigslist posting today, and all of the IPs in the header are registered to:
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
Repeated attempts to gain access to my comp
What I have learned.
These guys are tracking every thing you do. Every thing. From emails to what you watch on your computer. TV, Movies. WMPlayer.
Even after you think you have cleaned up after yourself before you shut down, they have placed a program in your comp, that has disguised itself as operating start up system program. So that when you turn on your computer, it sends out all your surfing, letters and whatever to them.
Even with my internet blocked (and it says blocked), I found out it goes around it, and sends the info. A friend and I set up a watch dog on our modem and sure enough the modem started working even though the lights on it were still. This company is sending the info to HOME LAND SECURITY. They are also selling it to whoever wants to buy it.
Of course they are going to be the nicest guys (BILL), when they bull **** you with, "Oh it's not us, someone must be using our ip numbers". Go to the nearest used car lot and you will find a guy named Bill there too. Homeland security protects these guys so forget about shutting them down. Homeland is watching everyone all around the world. Yes, even you in Sydney. This company will hack your comp, take what they can, sell it to whoever, AND THEY ARE PROTECTED BY HOME LAND SECURITY, here in the US.
This is not "SciFi" any more. This is the real thing.
BIG BROTHER IS WATCHING YOU. ALL OF YOU, US.
-
- Member
- Posts: 31
- Joined: Mon Jan 07, 2008 2:26 pm
I too am now being spammed by this. I never used to be, then I found your site and tested my DL and UL speed. After that, I have been spammed by this IP.
My firewall blocks a bunch of attempts, but one always gets through. I do a back trace and it shows the same results time and again.
I am sure that your site has nothing to do with the issue, but I was hoping that you may have some suggestions that can help me to block these people.
Side note: I think you guys and gals do a great job here and I thank you for your help. I didn't want it to sound like it was your fault or anything like that. What I meant by this is that I may have alerted someone to my presence when I used a mirror link to check my speed. I don't even know if that is possible lol.
Anyway, thanks again.
If anyone has any suggestions, please help. :]
Thank you,
Remove2
Hello,
Just to say that i've also been spammed. And i live in Portugal...
What can i say...
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
Thanks,
Mitagera
New Information
It could be, more than likely, that their servers are/were infected with malicious software such as adware/malware/spyware/trojans, etc. That is what I get out of this information. I also know, for a fact myself, that using this proxy:74.86.156.18 on port:3128, you can surf the web with High Anonymity, which traces back to the same people. That's how I found this proxy server.
Ahh, as I was trying to post that last one, I found out that using that proxy, you can not sign in to any Log In based forums, web based e-mails, games, etc. I think that they are key loggers... Working in part for the Home Land Security to help monitor and invade Americans' privacy. If you're into politics, I am posting videos about some of the things our so called "Grand" government is doing. My S/N for you-tube is regnitSnoiprocS, feel free to check it out.
hi, i'm running a software to control the traffic on my computer called netkeeper 3.10 and i found the same problems.
there are many attackers and i think they disguise their identity as organizations of sort. my conclusion is that it is also possible that they are real organizations, since they actually get into our computers very easily.
now i'm here to post what i found (it would be smarter if it was possible to post screen shots of my program)
Local Information:
Address: 192.168.0.2
Port: 138
Remote Information:
Address: 192.168.0.255
Port: 138 (netbiosdgm, NETBIOS Datagram Service)
Orgnization: Internet Assigned Numbers Authority
Net Range: 192.168.0.0 - 192.168.255.255
Address: 4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6695
Country: United States
Comment: This block is reserved for special purposes.
Please see RFC 1918 for additional information.
http://www.arin.net/reference/rfc/rfc1918.txt
Admin Contact:
Name: Internet Corporation for Assigned Names and Number
Phone: +1-310-301-5820
E-mail: abuse@iana.org
Tech Contact:
Name: Internet Corporation for Assigned Names and Number
Phone: +1-310-301-5820
E-mail: abuse@iana.org
Other Contacts:
-----------------------
Local Information:
Address: localhost
Port: 2280
Remote Information:
Address: 195.200.84.5
Port: 7024
Orgnization: Euroaccess USA
Net Range: 195.200.84.0 - 195.200.85.255
Country: United States
Admin Contact:
Name: EuroAccess Network Operations
Address: Alsacelaan 5
5627 CA Eindhoven
The Netherlands
Phone: +31 (0)20-7173209
Fax-no: +31 (0)40-2488764
E-mail: info@euroaccess.nl
Comment: ---------------------------------------------
! EuroAccess Enterprises Ltd. !
! providing bandwidth and hosting solutions !
---------------------------------------------
! ABUSE COMPLAINTS TO: !
! abuse@euroaccess.nl !
! E-MAILS SENT TO OTHER ADDRESSES !
! WILL BE IGNORED !
---------------------------------------------
Tech Contact:
Other Contacts:
----------------------------------------
Local Information:
Address: localhost
Port: 2282
Remote Information:
Address: 195.222.17.35
Port: 7024
Orgnization: Kaspersky Lab ZAO
Geroev Panfilovtsev 10
125363 Moccow
Net Range: 195.222.17.32 - 195.222.17.63
Country: Estonia
Admin Contact:
Name: Sergey Fomin
Address: System Administrator /Kaspersky Lab Ltd
10, Geroyev Panfilovtsev Str.,
123363, Moscow, Russia
Phone: +7 495 797 87 00
+7 495 797 87 07
Fax-no: +7 495 797 87 00
E-mail:
Tech Contact:
Other Contacts:
-------------------------------------
Local Information:
Address: 192.168.0.2
Port: 137
Remote Information:
Address: 85.12.57.87
Port: 137 (netbiosns, NETBIOS Name Service nbns)
Orgnization: Euroaccess
Net Range: 85.12.0.0 - 85.12.63.255
Country: Netherlands
Admin Contact:
Name: EuroAccess Network Operations
Address: Alsacelaan 5
5627 CA Eindhoven
The Netherlands
Phone: +31 (0)20-7173209
Fax-no: +31 (0)40-2488764
E-mail: info@euroaccess.nl
Comment: ---------------------------------------------
! EuroAccess Enterprises Ltd. !
! providing bandwidth and hosting solutions !
---------------------------------------------
! ABUSE COMPLAINTS TO: !
! abuse@euroaccess.nl !
! E-MAILS SENT TO OTHER ADDRESSES !
! WILL BE IGNORED !
---------------------------------------------
Tech Contact:
Other Contacts:
-----------------------------------------------
i today copied and pasted the DNS of this address on google and found a russian forum talking about this
host-12.LabKasperDTC.212.5.89.0.0xffffff00.macomnet.net
Address: localhost
Port: 1133
address : 212.5.89.12
DNA name: host-12.LabKasperDTC.212.5.89.0.0xffffff00.macomnet.net
Port: 7022
Organization: kaspersky Lab
Net Range: 212.5.89.0 - 212.5.89.255
country: Russian Federation
Admin Contact:
Name : sergey Formin
Address: System Administrator /kaspersky lab ltd 10, geroyev panfilovtsev Str.,
123363, moscow, russia
phone +7 495 797 87 00
fax-no : +7 495 797 87 00
this is my contribute, anyone ideas to block this hackers?
Having the same problem & it seems real time
Hello,
I'm having this same problem, and have been for some time. I went in to my router to block the address it attaches with, IP and MAC addresses banned...Next thing I know, I can't sign back in to my router. WTF?
3676 Admiralty Way Suite 330 ? As it happens, I live less than a mile from that address. Maybe I'll go pay "Bill" a visit.
If I disappear from the face of the planet . . . Well . . . I won't do it without a fight . . . So somebody check back with me, and if I don't reply . . . Send the authorities.
Never know with Russians involved (Or Americans?)

Update 4676 Admiralty Way Suite 330

This is an update a few minutes after my original post. The address is actually within MY OWN BANK BUILDING. The bank is now Chase Bank (Formerly Washington Mutual). Who knows about the stuff upstairs though.
I don't know, but I'm going to find out. Me and 3 of my biggest Samoan friends, that is. One of them is nicknamed Sequoia, and he's the smallest of the three (Diamond Head, and Dusty are the other two {dusty stands for dust storm...ever seen the size of a dust storm}). I can't wait to go there.
=)
What are the chances THE CABLE COMPANY IS RESPONSIBLE? TIME WARNER CABLE COMPANY has everything to gain from jackin' up connections here in town. I'm going to have to put all my service in their hands and buy a couple new computers it sounds like????????????



got one from them too
I got hit by the same outfit today. Google maps shows the location to be ICANN ( http://www.icann.org/ ). You know, the ones that assign all of the internet addresses. Hence, i assume it's a spoof addy. Other than that, they can have at my pc, that way anything else I do bad can be blamed on them...
Who put all of these mp3's on my computer???
big brother watching yuoooo
Hi folks noticed that i am also being pestered by the guys at 4676 ADMIRALTY WAY. I live in Scotland in the UK and am amazed this seems to be happening all over the world. How can this be allowed to happen. Does anyone know the phone number of these clowns so i can give them a real ear bashing. Is there anything you can do to stop this happening??? 

-
- New Member
- Posts: 1
- Joined: Thu Mar 11, 2010 12:55 am
help!! please?
Hi...new to this forum ..hope u are still out there! I have had a credit card compromised w/ 2 fraud charges so far. I have cancelled the card but am so angry that I have been doing some investigating. The crook opened up a Paypal acct. with my card # and gave an email address which I have tracked to a server located at the 4676 Admiralty #330 address....Can someone explain to me: does this mean that "they" have actually used a computer in that office to send emails???? or is the "server address" just an IP address that originates from this location? I am not so tech savvy...any ideas???
My business website is being hacked. Important e-mails are stolen and the site gets no visitors. My ip has been blacklisted as a result, my e-mails spoofed with bouncebacks. When I run my ip on BlacklistAlert I get the following: WARNING: No Reverse-DNS (PTR) is assigned to my IP. Please request your Admin or Provider to fix this What can I do? This is what I received to my business e-mail.
Here's what I see on my Stats page. This is very troubling, as I am losing business. Any help for the following would be appreciated. Thanks.
Urchin Whois Service: 172.17.8.61
[Querying whois.arin.net]
[whois.arin.net]
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 172.16.0.0 - 172.31.255.255
CIDR: 172.16.0.0/12
NetName: PRIVATE-ADDRESS-BBLK-RFC1918-IANA-RESERVED
NetHandle: NET-172-16-0-0-1
Parent: NET-172-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is used as private address space.
Comment: Addresses from this block can be used by
Comment: anyone without any need to coordinate with
Comment: IANA or an Internet registry. Addresses from
Comment: this block are used in multiple, separately
Comment: operated networks.
Comment: This block was assigned by the IETF in the
Comment: Best Current Practice document, RFC 1918
Comment: which can be found at:
Comment: http://www.rfc-editor.org/rfc/rfc1918.txt
RegDate: 1994-03-15
Updated: 2010-03-15
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
# ARIN WHOIS database, last updated 2010-04-23 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
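The record quoted in the post above describes a reserved block, so the Marina del Rey contact is the registry that holds the reservation, not the operator of whatever host used 172.17.8.61. The following is an added example, not part of any post in this thread, that triages an address against the reserved ranges and the record's NetType field before any attribution is attempted; the function names and the extra sample addresses are assumptions made for illustration.

```python
import ipaddress

# Reserved IPv4 blocks whose WHOIS record lists the registry as holder.
SPECIAL_USE = {
    "10.0.0.0/8": "RFC 1918 private",
    "172.16.0.0/12": "RFC 1918 private",
    "192.168.0.0/16": "RFC 1918 private",
    "127.0.0.0/8": "loopback",
    "169.254.0.0/16": "link-local",
}

def special_use_label(addr):
    """Return the reserved-block label for addr, or None if not in the table."""
    ip = ipaddress.ip_address(addr)
    for cidr, label in SPECIAL_USE.items():
        if ip in ipaddress.ip_network(cidr):
            return label
    return None

def whois_fields(record):
    """Parse 'Key: value' lines; values of repeated keys (Comment) are joined."""
    fields = {}
    for line in record.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        fields[key] = f"{fields[key]} {value}" if key in fields else value
    return fields

def triage(addr, record):
    """Say whether the WHOIS record can identify who operates addr."""
    fields = whois_fields(record)
    covered = ipaddress.ip_address(addr) in ipaddress.ip_network(fields["CIDR"])
    if not covered:
        return f"{addr}: record does not cover this address"
    if fields.get("NetType") == "IANA Special Use":
        label = special_use_label(addr) or "reserved"
        return f"{addr}: {label}, record names the registry, not a sender"
    return f"{addr}: ordinary allocation, OrgName is the registered holder"

# Excerpt of the record quoted in the post above.
RECORD = """OrgName: Internet Assigned Numbers Authority
CIDR: 172.16.0.0/12
NetType: IANA Special Use
Comment: This block is used as private address space.
Comment: Addresses from this block can be used by
"""

if __name__ == "__main__":
    # 192.168.1.10 and 198.51.100.7 are constructed sample sources.
    for src in ("172.17.8.61", "192.168.1.10", "198.51.100.7"):
        print(src, "->", special_use_label(src) or "not in the reserved table")
    print(triage("172.17.8.61", RECORD))
```
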
- YeOldeStonecat
- SG VIP
- Posts: 51171
- Joined: Mon Jan 15, 2001 12:00 pm
- Location: Somewhere along the shoreline in New England
This really needs a new thread.
DebtEnd wrote: My business website is being hacked. Important e-mails are stolen and the site gets no visitors. My ip has been blacklisted as a result, my e-mails spoofed with bouncebacks. When I run my ip on BlacklistAlert I get the following: WARNING: No Reverse-DNS (PTR) is assigned to my IP. Please request your Admin or Provider to fix this What can I do? This is what I received to my business e-mail.
First...whoever designed your website, I'd have them review it again, security wise, and I'd have them consider having it hosted at a better webhost.
Second...what is your e-mail setup? Do you host your own e-mail server? Or do you just do POP3? I'm going to guess you have your own mail server on your business network, as you're getting the RevDNS mentioned above. Or, maybe without your knowledge, there's a bot SMTP engine on your network.
MORNING WOOD Lumber Company
Guinness for Strength!!!
I know this is an old thread, but after searching the internet for the address 4676 Admiralty Way, Suite 330 I came up with this thread.
These guys must be hackers.. they may or may not be at that address... more than likely they are spoofing that address.
They hacked my computer, grabbed a bunch of pictures off of it and posted them to the internet. You must assume that they have total control of your PC.
Hi all,
Now, this topic has started up again and is XX amount years old.
My suggestion to you all, if you don't have a firewall - Get one. If you do not have anti-virus software. Get some.
Please refer to this thread here for useful antivirus software.
--This thread is old, so some software may no longer be available for free--
From my experience, it pays to get secure. My Steam gaming account got hacked by the well known [myg0t] clan of hacking gamers. In result I was banned off multiple gaming servers.
I got secure after this. I found a keylogging virus on my computer. I was lucky, as I use internet banking, and was working for myself around the same time. They could have got much worse than my gaming account.
I use Avast! and Spybot S&D resident (this allows me to see what software is changing anything in your registry. So if something is to change, then it goes through me first). I am also on a network which has a firewall.
They can keep knocking at the door all they want, but if you've got a firewall, and take every precaution to keep yourself safe, then they're not gonna get anywhere, and if they do, it'll take them some time to get in.... Now, it probably would no longer be worth their time trying to get into your computer when they can go to the millions of other unsecured computers online.
I didn't like it when I was told this; 'Learn to get secure, or unplug' ... I learnt the hard way. I would suggest that anyone who has had this occurring on their computers to immediately get a firewall, and to perform a full system scan, and to change all their passwords once the scans are complete

Had the same problem but don't think it's hackers, I could be wrong but I did find this name and address so it just seems like normal internet traffic.
Steve Sheng
Internet Corporation for Assigned Names and Numbers
4676 Admiralty Way, Suite 330
Marina del Rey, CA , 90292
United States of America
Phone: +1.310.823.9358
EMail: steve.sheng@icann.org