What on earth?

This person was a fellow customer of my ISP (judging from the IP address). This nonsense went on for hours until I got tired of it and asked several friends with very large bandwidth to "convince" this person to go offline.
What on Earth were they trying to do here?

 

Maybe a kid playing with SuperScan?

Or, if it was directed at you, maybe one of your neighbors doesn't like you (or whoever it was)?

Complaints to the ISP involved, including logfiles, would probably actually work in this instance, since the behavior was so sustained. Pete

 

If complaints to your ISP fail to resolve it, ask the guy his hat size.

 

Well, considering how we "convinced" him right offline ........

*cough* *cough*

He did it twice actually now that I think of it. He went offline after doing it for hours, then 30 minutes or so later another IP (also at my ISP) started the same s**t, so we "convinced" him he should be offline again.
I'm just wondering what the heck he was trying to do.

 

That's funny. I just put that addy. into Karen's URL Discombobulator and it came back with this: 0.0.18.254

?

Pete

 

Also, I'm getting 'no such host' and similar messages on SamSpade using the original addy.

Got any spooks living in your 'hood? Black vans parked in front of your house? Pete

 

It pings, though.

 

* Mike goes to poke at the bush that's sprouted up in the backyard since yesterday .......

 

Yeah, it pings. NeoTrace is doing a better job. You're in Atlanta, huh?

(Note: SamSpade worked much better when i dropped the last four numbers, too! <g> ). Pete

 

Nope. Collins.
http://www.google.com/url?sa=X&oi=map&q=http://www.mapquest.com/maps/map.adp%3Fcountry%3DUS%26address%3D%26city%3DCollins%26state%3DGA

 

Interesting. Last week, someone with an IP that traced back to yahoo.com kept probing at ports 5000 and 5001.

My IP changes when I go online just like any other dialup customer, so they're not after me. Think this is someone scanning the whole netblock? Sort of hard to believe someone has the bandwidth to scan the whole block continuously for hours like that.

 

Mike - If the bush checked out okay, look to the sky - them pesky reptilian aliens could be up to something again...

 

We are watching you for your own good, Peteling. Do not complain about the new growth in your garden either - it is home to those who seek to administer your planet wisely. It is the bush administration.

 

Mike

Beginning Friday an lasting until the a.m hours of Monday......I notice a trememdous amount of "traffic"....in fact, for the first time ever I reported a sub-seven attack to my ip.....from a person also using my ip......requesting only that the person be contacted and advised that his/her machine may be compromised.......(the person's machine did not even have a firewall)
it would appears to me that there were massive DOOS attacks going on over the weekend........its now Monday afternoon my area........an the net is very quiet

snowman

 

Mike

by the way...have you noticed any unusual amount of "internet broadcast" on upd port 68.......its supposedly coming from "assigned numbers "

snowman

 

One time a figment of my imagination came down outta the sky n gave me a chicklet.

 

Detox

naw....that was just an egg hatching....dropped from the earthship chickenlittle

 

Oh, that's what (who) it is! I feel much better (or is it worse?). Now, you've reminded me to re-read "1984", while I can still get my hands on a copy.

 

Paul, I was looking at the timing in the two logs and in the first one to me it looks more like a concerted effort to probe a bunch of ports looking for an opening. With 3+ second intervals, its not much of a Dos attack.
On the second log, although there are not many entries to look at, it looks like that could be an attempted DoS.
I am not that familiar with some of this and I don't know if someone would be taking the time and effort to spoof and run null scans on Mike, unless he really got to somebody.
Also that second log showing port 5000 could be some moron guessing that he had XP and had not secured port 5000 properly.
If I'm not mistaken, spoofing takes some smarts and some time to pull off. All in all, interesting to say the least.
Nice to know you have friends that can help out in a pinch, Mike.

 

No, nothing on port 68 that I can think of.

root, here's some more of that log so you can see what I was dealing with that night. There's so much that I didn't want to flood out the thread.

 

Mike

the 66.218.*** is that the url thats was involded??
Thats assigned to a <yahoo> account. if thats not you....??

snowman

 

Yeah, that's what was so weird about it. I couldn't figure why on Earth someone at yahoo was hammering at my firewall like that. I sent an abuse email to abuse@ and netblockadmin@ yahoo.com and CCed to my ISP. The ISP looked at their logs and said they'd see what they could find out. Haven't heard back about it.

 

Mike

not really so strange...<yahoo> is now an internet service provider.....one of its "customers" perhaps? an somehow got hold of your address?
the udp is what I find interesting because I also was being hammered......but didn't notice it except my cpu was running at full blast like the swap files had lost comtrol.....
By dis-connecting and stoping all outbound then I got an alert that an Internet Broadcast (udp port6 was prevented.........in fact its happening right now!.....I realize the need for the assigned numbers part...but this is highly unusual.....enormous traffic!!

snowman