Solved

Why these open sessions on Computer Management on my server?

Posted on 2004-09-17
Last Modified: 2013-12-04
Hello...
While I was exploring Computer Management I found these open sessions:

http://smttz.jeeran.com/IP.jpg

This is some info about my computer:
Windows 2000 Server with SP4 and full updates
McAfee AntiVirus 8 Enterprise Edition
ISA Server to manage internet for clients
and I have 3 network adapters:
1- The first is called AdmTek, and it has the IP, subnet and DNS for the frame relay line.
This adapter has the IP 212.33.110.30 with subnet 255.255.255.244
2- The second is called 3Com: it gives internet to the clients, and it is considered my private network.
It has the IP 147.159.123.1 with subnet mask 255.255.255.0
3- The third is a satellite adapter to receive internet by proxy. It has a default IP, and its current one is 169.xxxxxxxxxxx

I hope you can solve this problem.
I am really afraid my computer is hacked!!
Help me pleaseee
0
Question by:3ezz
6 Comments
 
LVL 11

Expert Comment

by:Quetzal
Your first adaptor ip address belongs to the jznet-ic center located in Gaza.  Your second adaptor ip address belongs to the US Naval Air Warfare Center.  Where did you get your ip addresses?


WHOIS: 212.33.110.30
Country: PALESTINE (high)

ARIN says that this IP belongs to RIPE; I'm looking it up there.


Using cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).

% This is the RIPE Whois secondary server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

inetnum:      212.33.110.0 - 212.33.110.127
netname:      jznet-ic
descr:        jznet-ic center located in Gaza
descr:        and provides Internet access to the public .
country:      ps
admin-c:      SK2218-RIPE
tech-c:       ii122-RIPE
status:       ASSIGNED PA
mnt-by:       POL-MNT
changed:     *******@p-ol.com 20040418
source:       RIPE

route:        212.33.104.0/21
descr:        Palestine Online
origin:       AS25586
mnt-by:       POL-MNT
changed:     *****@p-ol.com 20030504
source:       RIPE

person:       Shadi Khater
address:      Gaza palestine
phone:        +972-8-2051994
e-mail:      *********@p-ol.com
nic-hdl:      SK2218-RIPE
mnt-by:       POL-MNT
changed:     *******@p-ol.com 20040418
source:       RIPE

person:       Isam Ishaq
address:      Palestine Online
              Middle East Bldg. 210, Suite 210
              219 Manger St.
              Bethlehem
              Palestine
phone:        +972 2 2765479
fax-no:       +972 2 2984167
e-mail:      *****@p-ol.com
nic-hdl:      II122-RIPE
changed:     *****@p-ol.com 20021121
source:       RIPE



WHOIS: 147.159.123.1

Country: UNITED STATES

NOTE: More information appears to be available at TKB1-ARIN.


OrgName:    Naval Air Warfare Center, Aircraft Division
OrgID:      NAWCAD-2
Address:    6000 E. 21st Street
City:       Indianapolis
StateProv:  IN
PostalCode: 46219-2189
Country:    US

NetRange:   147.159.0.0 - 147.159.255.255
CIDR:       147.159.0.0/16
NetName:    NAWC-AD-INDY
NetHandle:  NET-147-159-0-0-1
Parent:     NET-147-0-0-0-0
NetType:    Direct Assignment
NameServer: CRS.NAWC-AD-INDY.NAVY.MIL
NameServer: NETMAN2.NAWC-AD-INDY.NAVY.MIL
Comment:    
RegDate:    1991-04-25
Updated:    1993-09-03

TechHandle: TKB1-ARIN
TechName:   Biddle, Timothy K
TechPhone:  +1-317-353-3258
TechEmail: **********@indy.navy.mil




WHOIS: 213.33.224.53
Country: RUSSIAN FEDERATION (high)


% This is the RIPE Whois secondary server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

inetnum:      213.33.224.0 - 213.33.224.255
netname:      SOVINTEL-p2p-sDSL-NET
descr:        Interface networks - Msk.
country:      RU
admin-c:      SL14811-RIPE
tech-c:       AR1442-RIPE
status:       ASSIGNED PA
notify:      ****@sovintel.ru
mnt-by:       SOVINTEL-MNT
remarks:      INFRA-AW
changed:     *********@sovintel.ru 20021002
source:       RIPE

route:        213.33.128.0/17
descr:        EDN Sovintel
origin:       AS3216
mnt-by:       AS3216-MNT
changed:     ****@sovam.com 20031106
source:       RIPE

person:       Sergey Lyadovoy
address:      EDN Sovintel
address:      Dubovaya roscha, 25
address:      Moscow, Russia, 127427
phone:        +7 095 2587898
fax-no:       +7 095 9412708
e-mail:      *********@sovintel.ru
nic-hdl:      SL14811-RIPE
notify:      ****@sovintel.ru
mnt-by:       SOVINTEL-MNT
changed:     **********@sovintel.net 20001221
source:       RIPE

person:       Andrey Rouskol
address:      EDN Sovintel
address:      Dubovaya roscha, 25
address:      Moscow, Russia, 127427
phone:        +7 501 2152183
fax-no:       +7 501 9412708
e-mail:      *****@sovintel.ru
nic-hdl:      AR1442-RIPE
notify:      ****@sovintel.ru
mnt-by:       SOVINTEL-MNT
changed:     *****@sovintel.ru 19990518
source:       RIPE



WHOIS: 213.33.124.91

Country: AUSTRIA


% This is the RIPE Whois secondary server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

inetnum:      213.33.124.0 - 213.33.124.255
netname:      MABA-AT
descr:        Mannesmann Anlagenbau Austria AG
country:      AT
admin-c:      MP6328-RIPE
tech-c:       MP6328-RIPE
status:       ASSIGNED PA
mnt-by:       AS8447-MNT
mnt-lower:    AS8447-MNT
changed:     ***********@aon.at 20010831
source:       RIPE

route:        213.33.0.0/17
descr:        HIGHWAY194
descr:        Arsenal Objekt 24
descr:        Vienna
origin:       AS8447
notify:      ***********@aon.at
mnt-by:       AS8447-MNT
changed:     ***********@aon.at 20000321
source:       RIPE

person:       Martin Prikril
address:      Oberlaaerstr. 331
address:      1230 Wien
address:      Austria
e-mail:      ***************@anlagenbau-austria.at
phone:        +43 1 61036 249
fax-no:       +43 1 61036 677
nic-hdl:      MP6328-RIPE
mnt-by:       AS8447-PERSON
changed:     ***********@aon.at 20010831
source:       RIPE


WHOIS: 213.33.124.91 and 213.33.63.231
0
 
LVL 1

Author Comment

by:3ezz
Hello
Thank you... I didn't understand too many things.
Is my computer hacked?
And where did you get that info?
That's right, I am in Gaza.
But the IP 147.159.123.1 is my IP, my private network. I know everybody but this for private IP: 192.168.xxxxxxx, but I have chosen this.
Thank you,
and waiting for your reply.
0
 
LVL 1

Author Comment

by:3ezz
What do you mean by (high)?
0

 
LVL 11

Accepted Solution

by:
Quetzal earned 500 total points
Actually I'm not sure what the "high" designation means but it's what is returned by the WHOIS inquiry.

WRT to public ip addresses...just to be sure we are on the same page...  You can simply decide to use just any public ip address.  These addresses are allocated in a hierarchical fashion to specific entities and individuals for their use.  Moreover, various routers on the Internet are configured in such a way as to route traffic for these addresses in a particular way.

Your machine session log shows connections to Russia and Austria...I'd say you are getting hacked.
0
 
LVL 1

Expert Comment

by:jimmybartlett
You might want to run a netstat -aon to find out what ports are open by what programs. If you kill the processes that are running those rogue ports it will most likely disconnect the hacker.
Also, you should put up a firewall. Sygate is the one I have been recommended by most of my techie friends, but I hear Zone Alarm does a fairly good job as well.

1) Remove internet connection from your computer.
2) Reboot
3) Install firewall of your choice and configure it into lockdown mode (only allow port 80 thru for now)
4) Run your AV program so it can search for trojans. You probably have a few. Have it check every drive.
5) Shut down and plug the internet connection back in. Boot back up.
6) Check that screen again and see if those connections are still there.

Sygate: http://smb.sygate.com/products/spf_standard.htm
Zone Alarm: http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp?lid=selector_za
0
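An added example, not part of the original thread: a Python triage of `netstat -aon` output (the command suggested in the comment above) that lists established connections arriving on a listening port from outside the networks the operator treats as local. The netstat text, ports and PIDs are constructed; the addresses are the ones quoted in this thread, and `LOCAL_NETS` is an assumed, hand-maintained list, needed because the LAN here is 147.159.123.0/24 rather than a private range.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the column layout that `netstat -aon` prints on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       8
  TCP    212.33.110.30:139      0.0.0.0:0              LISTENING       8
  TCP    147.159.123.1:445      147.159.123.20:1043    ESTABLISHED     8
  TCP    212.33.110.30:445      213.33.224.53:3712     ESTABLISHED     8
  TCP    212.33.110.30:139      213.33.124.91:1188     ESTABLISHED     8
  TCP    212.33.110.30:1301     203.0.113.10:80        ESTABLISHED     1460
  UDP    0.0.0.0:445            *:*                                    8
"""

# Assumption: local networks are listed by hand. The LAN in the question is
# 147.159.123.0/24, not RFC 1918 space, so an is_private test would miss it.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "147.159.123.0/24")]
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse_tcp(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state, pid) per TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            lip, lport, rip, rport, state, pid = m.groups()
            rows.append((lip, int(lport), rip.strip("[]"), int(rport), state, int(pid)))
    return rows

def inbound_from_outside(rows, local_nets=LOCAL_NETS):
    """Map PID -> [(service_port, remote_ip)] for established connections that
    arrive on a listening port from an address outside local_nets."""
    listening = {lport for _, lport, _, _, state, _ in rows if state == "LISTENING"}
    hits = defaultdict(list)
    for _, lport, rip, _, state, pid in rows:
        if state != "ESTABLISHED" or lport not in listening:
            continue
        remote = ipaddress.ip_address(rip)
        if not any(remote in net for net in local_nets):
            hits[pid].append((lport, rip))
    return dict(hits)

if __name__ == "__main__":
    for pid, conns in inbound_from_outside(parse_tcp(SAMPLE)).items():
        print(f"PID {pid}: outside hosts on listening ports: {conns}")
```

The outbound connection from local port 1301 is not reported because no listener owns that port; only sessions that terminate on a service the server itself exposes are listed.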
 
LVL 2

Expert Comment

by:dazer1virginia
Go to control panel, networks connections, then properties of TCP/IP.  Check and see if "file and print sharing" is turned on for that external interface.  If it is, disable the checkmark.
0
