  1. #1

    Strange email, what is this

    myNetWatchman Incident [58142726] Src:(64.246.50.18) Targets:1


    FYI,

    myNetWatchman aggregates security events from a sensor network
    of more than 1400 firewalls around the world.
    Our sensors indicate suspicious activity originating from your network.

    Here are the aggregated firewall logs:
    Source IP: 64.246.50.18
    Source DNS: stlhosting.com
    Time Zone: UTC

    AgentName, Event Date Time, Destination IP, IP Protocol, Target Port, Issue Description, Source Port, Event Count
    Zshen, 17 Nov 2003 12:15:11, 12.216.x.x, 6, 113, IDENT Probe, 41004, 1
    Zshen, 17 Nov 2003 03:51:14, 12.216.x.x, 6, 113, IDENT Probe, 37636, 1
    Zshen, 16 Nov 2003 12:14:56, 12.216.x.x, 6, 113, IDENT Probe, 57857, 1
    Zshen, 16 Nov 2003 11:28:53, 12.216.x.x, 6, 113, IDENT Probe, 57508, 1
    Zshen, 16 Nov 2003 03:52:40, 12.216.x.x, 6, 113, IDENT Probe, 54125, 1
    Zshen, 15 Nov 2003 13:41:21, 12.216.x.x, 6, 113, IDENT Probe, 45381, 1
    Zshen, 15 Nov 2003 12:14:41, 12.216.x.x, 6, 113, IDENT Probe, 44649, 1
    Zshen, 14 Nov 2003 20:43:33, 12.216.x.x, 6, 113, IDENT Probe, 36735, 1
    Zshen, 14 Nov 2003 19:42:23, 12.216.x.x, 6, 113, IDENT Probe, 35834, 1
    Zshen, 14 Nov 2003 19:32:07, 12.216.x.x, 6, 113, IDENT Probe, 35716, 1
    Zshen, 14 Nov 2003 18:26:13, 12.216.x.x, 6, 113, IDENT Probe, 34912, 1
    Zshen, 14 Nov 2003 18:16:08, 12.216.x.x, 6, 113, IDENT Probe, 34747, 1
    Zshen, 14 Nov 2003 18:01:01, 12.216.x.x, 6, 113, IDENT Probe, 34586, 1
    Zshen, 14 Nov 2003 17:10:30, 12.216.x.x, 6, 113, IDENT Probe, 34032, 1
    Zshen, 14 Nov 2003 16:45:18, 12.216.x.x, 6, 113, IDENT Probe, 33661, 1
    Zshen, 14 Nov 2003 16:40:15, 12.216.x.x, 6, 113, IDENT Probe, 33600, 1
    Zshen, 14 Nov 2003 16:25:05, 12.216.x.x, 6, 113, IDENT Probe, 33430, 1
    Zshen, 14 Nov 2003 14:49:00, 12.216.x.x, 6, 113, IDENT Probe, 60649, 1
    Zshen, 14 Nov 2003 14:43:58, 12.216.x.x, 6, 113, IDENT Probe, 60595, 1
    Zshen, 14 Nov 2003 14:38:55, 12.216.x.x, 6, 113, IDENT Probe, 60536, 1
    Zshen, 14 Nov 2003 14:33:53, 12.216.x.x, 6, 113, IDENT Probe, 60471, 1
    Zshen, 14 Nov 2003 14:28:35, 12.216.x.x, 6, 113, IDENT Probe, 60411, 1
    Zshen, 14 Nov 2003 14:23:32, 12.216.x.x, 6, 113, IDENT Probe, 60359, 1
    Zshen, 14 Nov 2003 14:18:29, 12.216.x.x, 6, 113, IDENT Probe, 60307, 1
    Zshen, 14 Nov 2003 14:13:22, 12.216.x.x, 6, 113, IDENT Probe, 60260, 1
    Zshen, 14 Nov 2003 14:08:19, 12.216.x.x, 6, 113, IDENT Probe, 60197, 1
    Zshen, 14 Nov 2003 14:03:17, 12.216.x.x, 6, 113, IDENT Probe, 60142, 1
    Zshen, 14 Nov 2003 13:58:14, 12.216.x.x, 6, 113, IDENT Probe, 60081, 1
    Zshen, 14 Nov 2003 13:53:14, 12.216.x.x, 6, 113, IDENT Probe, 60026, 1
    Zshen, 14 Nov 2003 13:48:11, 12.216.x.x, 6, 113, IDENT Probe, 59966, 1
    Zshen, 14 Nov 2003 13:43:09, 12.216.x.x, 6, 113, IDENT Probe, 59940, 1
    Zshen, 14 Nov 2003 13:38:06, 12.216.x.x, 6, 113, IDENT Probe, 59905, 1
    Zshen, 14 Nov 2003 13:33:04, 12.216.x.x, 6, 113, IDENT Probe, 59885, 1
    Zshen, 14 Nov 2003 13:28:01, 12.216.x.x, 6, 113, IDENT Probe, 59831, 1
    Zshen, 14 Nov 2003 13:22:59, 12.216.x.x, 6, 113, IDENT Probe, 59768, 1
    Zshen, 14 Nov 2003 13:17:56, 12.216.x.x, 6, 113, IDENT Probe, 59745, 1
    Zshen, 14 Nov 2003 13:12:54, 12.216.x.x, 6, 113, IDENT Probe, 59714, 1
    Zshen, 14 Nov 2003 12:14:20, 12.216.x.x, 6, 113, IDENT Probe, 59189, 1
    Zshen, 14 Nov 2003 03:35:13, 12.216.x.x, 6, 113, IDENT Probe, 55291, 1
    Zshen, 14 Nov 2003 03:17:30, 12.216.x.x, 6, 113, IDENT Probe, 55113, 1
    Zshen, 13 Nov 2003 12:14:05, 12.216.x.x, 6, 113, IDENT Probe, 44590, 1
    Zshen, 11 Nov 2003 22:34:18, 12.216.x.x, 6, 113, IDENT Probe, 52854, 1
    jmac3, 11 Nov 2003 20:41:32, 24.206.x.x, 6, 22, SSH Probe, 47927, 1
    Ohpaus, 11 Nov 2003 20:37:22, 24.204.x.x, 6, 22, SSH Probe, 59760, 1
    sparafucilli, 11 Nov 2003 20:32:32, 24.203.x.x, 6, 22, SSH Probe, 43628, 1
    Flisher, 11 Nov 2003 20:30:50, 24.203.x.x, 6, 22, SSH Probe, 34347, 1
    gator, 11 Nov 2003 19:25:02, 24.164.x.x, 6, 22, SSH Probe, 58556, 1
    Zshen, 10 Nov 2003 22:34:02, 12.216.x.x, 6, 113, IDENT Probe, 59064, 1


    Click here to get further details regarding this incident:
    http://www.mynetwatchman.com/LID.asp?IID=58142726




    If you are a SERVICE PROVIDER:

    The above IP address may have been compromised by a third party.
    Please consider this possibility when determining appropriate action.
    Feel free to forward all or part of this alert to your customer.

    If you are an END-USER:

    Someone is launching unwanted attacks from a system within your network.
    Often this is an indication of abuse by an individual
    or YOUR SYSTEM(S) MAY HAVE BEEN COMPROMISED.
    Hackers may be using your system to launch attacks against other users.

    See: http://www.mynetwatchman.com/kb/secu...ackdetect.html

    If you have any questions, feel free to contact me.

    IMPORTANT: All replies to this e-mail are automatically posted
    to a PUBLICLY viewable incident status.

    If possible, please use the following URL to update incident status:

    http://www.mynetwatchman.com/UI.asp?...ov200310:32:58

    This allows us to efficiently communicate incident status to all interested
    parties and minimizes the number of complaints you receive directly.

    Please send PRIVATE communications to: support@mynetwatchman.com
    Regards,

    Lawrence Baldwin
    President
    http://www.myNetWatchman.com
    The Internet Neighborhood Watch
    Atlanta, Georgia USA
    +1 678.624.0924

    Is this an advertisement or something for real? I didn't know I was using IPv6.

  2. #2
    Heh.. Not an advertisement. It is an automated service (free too, I believe); it works with various firewalls and should be viewed with a grain of salt.

    As many users do not know how to properly configure PC-based firewalls, such as ZoneAlarm or BlackICE (both supported by myNetWatchman), this is used by places for data (DShield.org is similar). Users set up the myNetWatchman client, and it parses their firewall logs and notifies the IP owner. It appeared that your IP was doing a lot of IDENT checks. If this is your server, is it an IRC server or something that needs to check IDENT? If not, I would check into it, but as I said, it can easily be misconstrued; when I worked abuse I got a lot of calls due to a customer having a DAL.net server that checked for WinGates.
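
An added example, not part of either post: a short Python triage of rows copied from the report in post #1, grouping events by protocol and port and counting how many distinct sensors reported each. The function names and the three-sensor threshold are assumptions for illustration; the "IP Protocol" value 6 is the IANA protocol number for TCP.

```python
import csv
from collections import defaultdict
from datetime import datetime

# IANA protocol numbers: the report's "IP Protocol" column, not the IP version.
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Rows copied from the report quoted in post #1 (a subset, not the full log).
REPORT = """\
Zshen, 14 Nov 2003 14:49:00, 12.216.x.x, 6, 113, IDENT Probe, 60649, 1
Zshen, 14 Nov 2003 14:43:58, 12.216.x.x, 6, 113, IDENT Probe, 60595, 1
Zshen, 14 Nov 2003 14:38:55, 12.216.x.x, 6, 113, IDENT Probe, 60536, 1
jmac3, 11 Nov 2003 20:41:32, 24.206.x.x, 6, 22, SSH Probe, 47927, 1
Ohpaus, 11 Nov 2003 20:37:22, 24.204.x.x, 6, 22, SSH Probe, 59760, 1
sparafucilli, 11 Nov 2003 20:32:32, 24.203.x.x, 6, 22, SSH Probe, 43628, 1
Flisher, 11 Nov 2003 20:30:50, 24.203.x.x, 6, 22, SSH Probe, 34347, 1
gator, 11 Nov 2003 19:25:02, 24.164.x.x, 6, 22, SSH Probe, 58556, 1
"""

def summarize(report):
    """Group events by (protocol, port); count events and distinct sensors."""
    groups = defaultdict(lambda: {"events": 0, "agents": set(), "times": []})
    for row in csv.reader(report.splitlines(), skipinitialspace=True):
        agent, when, _dst, proto, port, _desc, _sport, count = row
        g = groups[(IP_PROTO.get(int(proto), proto), int(port))]
        g["events"] += int(count)
        g["agents"].add(agent)
        g["times"].append(datetime.strptime(when, "%d %b %Y %H:%M:%S"))
    out = {}
    for key, g in groups.items():
        span = max(g["times"]) - min(g["times"])
        out[key] = {"events": g["events"], "sensors": len(g["agents"]),
                    "span_minutes": round(span.total_seconds() / 60, 1)}
    return out

def triage(summary):
    """Heuristic thresholds are assumptions, not myNetWatchman's own logic."""
    notes = {}
    for (proto, port), s in summary.items():
        if s["sensors"] >= 3:
            notes[(proto, port)] = "multi-sensor: investigate host for scanning"
        elif port == 113:
            notes[(proto, port)] = "single sensor, ident: check for IRC/mail/FTP service"
        else:
            notes[(proto, port)] = "single sensor: low confidence"
    return notes

if __name__ == "__main__":
    for key, note in triage(summarize(REPORT)).items():
        print(key, summarize(REPORT)[key], note)
```

On these rows the port 113 events all come from one sensor, which fits ident lookups made back to a single client, while the port 22 events come from five different sensors and are the part of the report worth checking on the host.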
