martmac
asked on
TCP Sweep problem
I have a virtual private server and have had the service suspended as a result of "illegal activity" that I know nothing of. The report to me from the service provider included the report below.
22:31:51 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=331,dp=110,min=212.1.184.1,max=212.1.184.254,Oct07-22:31:50,Oct07-22:31:51) (USI-amsxaid01)
22:31:53 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=381,dp=110,min=212.1.184.1,max=212.1.185.254,Oct07-22:31:51,Oct07-22:31:53) (USI-amsxaid01)
22:31:54 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=387,dp=110,min=212.1.187.1,max=212.1.186.254,Oct07-22:31:53,Oct07-22:31:54) (USI-amsxaid01)
22:31:54 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=383,dp=110,min=212.1.188.1,max=212.1.187.254,Oct07-22:31:54,Oct07-22:31:54) (USI-amsxaid01)
22:31:55 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=379,dp=110,min=212.1.189.1,max=212.1.188.254,Oct07-22:31:54,Oct07-22:31:55) (USI-amsxaid01)
22:31:56 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=386,dp=110,min=212.1.186.1,max=212.1.189.254,Oct07-22:31:55,Oct07-22:31:56) (USI-amsxaid01)
22:31:57 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=378,dp=110,min=212.1.187.1,max=212.1.186.254,Oct07-22:31:56,Oct07-22:31:57) (USI-amsxaid01)
22:31:58 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=384,dp=110,min=212.1.188.1,max=212.1.188.254,Oct07-22:31:57,Oct07-22:31:58) (USI-amsxaid01)
22:31:58 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=375,dp=110,min=212.1.190.1,max=212.1.190.254,Oct07-22:31:58,Oct07-22:31:58) (USI-amsxaid01)
22:32:01 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=363,dp=110,min=212.1.190.30,max=212.1.191.254,Oct07-22:31:58,Oct07-22:32:01) (USI-amsxaid01)
22:32:11 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=315,dp=110,min=212.1.191.1,max=212.1.191.254,Oct07-22:32:01,Oct07-22:32:02) (USI-amsxaid01)
I understand that this may be as a result of a script that might be running, again I know not how as I am the only person who has the credentials to log into the server and I know nothing about scripts or how to locate such a rogue script.
Can anyone offer any help as to how I can find what is causing this problem?
Many thanks
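An added example, not part of the question or of any answer in this thread: a small Python parser for the provider's report format quoted above, so the evidence can be summarised before taking it back to the provider. The reading of the fields is an assumption on my part (total = number of probes in that window, dp = destination port, min/max = the target addresses seen, the two stamps = start and end of the window, the last parenthesis = the sensor that logged it); the report lines are the ones from the question with the extraction spaces removed, and the port-to-service table is a constructed lookup, not something the report itself states.

```python
"""Parse [TCP-SWEEP] report lines and summarise what they say about the traffic."""
import re
from ipaddress import ip_address

# The report lines quoted in the question, with the extraction spaces removed.
REPORT = """\
22:31:51 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=331,dp=110,min=212.1.184.1,max=212.1.184.254,Oct07-22:31:50,Oct07-22:31:51) (USI-amsxaid01)
22:31:53 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=381,dp=110,min=212.1.184.1,max=212.1.185.254,Oct07-22:31:51,Oct07-22:31:53) (USI-amsxaid01)
22:31:54 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=387,dp=110,min=212.1.187.1,max=212.1.186.254,Oct07-22:31:53,Oct07-22:31:54) (USI-amsxaid01)
22:31:54 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=383,dp=110,min=212.1.188.1,max=212.1.187.254,Oct07-22:31:54,Oct07-22:31:54) (USI-amsxaid01)
22:31:55 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=379,dp=110,min=212.1.189.1,max=212.1.188.254,Oct07-22:31:54,Oct07-22:31:55) (USI-amsxaid01)
22:31:56 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=386,dp=110,min=212.1.186.1,max=212.1.189.254,Oct07-22:31:55,Oct07-22:31:56) (USI-amsxaid01)
22:31:57 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=378,dp=110,min=212.1.187.1,max=212.1.186.254,Oct07-22:31:56,Oct07-22:31:57) (USI-amsxaid01)
22:31:58 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=384,dp=110,min=212.1.188.1,max=212.1.188.254,Oct07-22:31:57,Oct07-22:31:58) (USI-amsxaid01)
22:31:58 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=375,dp=110,min=212.1.190.1,max=212.1.190.254,Oct07-22:31:58,Oct07-22:31:58) (USI-amsxaid01)
22:32:01 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=363,dp=110,min=212.1.190.30,max=212.1.191.254,Oct07-22:31:58,Oct07-22:32:01) (USI-amsxaid01)
22:32:11 212.241.201.123 0.0.0.0 [TCP-SWEEP] (total=315,dp=110,min=212.1.191.1,max=212.1.191.254,Oct07-22:32:01,Oct07-22:32:02) (USI-amsxaid01)
"""

# Assumed field layout: time src dst [EVENT] (total=N,dp=PORT,min=IP,max=IP,START,END) (SENSOR)
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<src>[\d.]+) (?P<dst>[\d.]+) \[(?P<event>[A-Z-]+)\] "
    r"\(total=(?P<total>\d+),dp=(?P<dp>\d+),min=(?P<min>[\d.]+),max=(?P<max>[\d.]+),"
    r"(?P<start>\w+-\d\d:\d\d:\d\d),(?P<end>\w+-\d\d:\d\d:\d\d)\) \((?P<sensor>[^)]+)\)$"
)

# Constructed lookup of well-known TCP ports, used only to label the summary.
SERVICES = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3", 443: "https"}


def parse_line(line):
    """Return the fields of one report line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["total"] = int(e["total"])
    e["dp"] = int(e["dp"])
    return e


def _secs(stamp):
    """Seconds since midnight for a stamp such as 'Oct07-22:31:50' (same-day assumption)."""
    h, m, s = (int(x) for x in stamp.split("-", 1)[1].split(":"))
    return h * 3600 + m * 60 + s


def summarize(report):
    """Aggregate all parsed lines: who scanned, which port, how many probes, what range, how fast."""
    events = [e for e in (parse_line(l) for l in report.splitlines()) if e]
    if not events:
        return None
    # min/max are not always ordered in the report, so take the extremes over both fields.
    addrs = [ip_address(a) for e in events for a in (e["min"], e["max"])]
    lowest, highest = min(addrs), max(addrs)
    start = min(_secs(e["start"]) for e in events)
    end = max(_secs(e["end"]) for e in events)
    total = sum(e["total"] for e in events)
    window = end - start
    return {
        "events": len(events),
        "sources": sorted({e["src"] for e in events}),
        "ports": {p: SERVICES.get(p, "unknown") for p in sorted({e["dp"] for e in events})},
        "total_probes": total,
        "lowest_target": str(lowest),
        "highest_target": str(highest),
        "address_span": int(highest) - int(lowest) + 1,
        "window_seconds": window,
        "probes_per_second": round(total / window, 1) if window else None,
        "sensors": sorted({e["sensor"] for e in events}),
    }


if __name__ == "__main__":
    for key, value in summarize(REPORT).items():
        print(f"{key:>18}: {value}")
```

Run as-is it reports a single source host probing one port (110, POP3) across a contiguous block of roughly two thousand addresses in about twelve seconds, which is the shape of an automated scan rather than anything a person types by hand; that is the kind of concrete statement that is useful when asking the provider what they saw.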
What operating system are you running on your server?
ASKER
It's a Windows 2003 server
Try to install a program like wintasks and look for any strange processes that may be causing this behaviour.
You could also install a sniffer like 'ethereal' or 'wireshark' and try to monitor the packets sent by your pc.
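An added example that is not from any post in this thread: before installing extra tools, Windows 2003 can already tell you which process owns each connection (`netstat -ano` prints the owning PID in its last column) and which image that PID is (`tasklist /fo csv`). The Python below parses saved copies of both outputs and flags any process that has connections to many distinct hosts on the same remote port, which is what a sweep looks like from the inside. The sample output and the process name `updater.exe` are constructed for the example, not taken from the asker's server; the threshold of five hosts is likewise a chosen value.

```python
"""Correlate saved `netstat -ano` and `tasklist /fo csv` output to find a sweeping process."""
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from the asker's server).
# Columns on Windows 2003: Proto, Local Address, Foreign Address, State, PID.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    212.241.201.123:3389   198.51.100.20:51234    ESTABLISHED     900
  TCP    212.241.201.123:1025   212.1.184.7:110        SYN_SENT        1764
  TCP    212.241.201.123:1026   212.1.184.8:110        SYN_SENT        1764
  TCP    212.241.201.123:1027   212.1.184.9:110        SYN_SENT        1764
  TCP    212.241.201.123:1028   212.1.184.10:110       SYN_SENT        1764
  TCP    212.241.201.123:1029   212.1.184.11:110       ESTABLISHED     1764
  TCP    212.241.201.123:1030   212.1.184.12:110       SYN_SENT        1764
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed sample of `tasklist /fo csv`; "updater.exe" is a hypothetical name.
TASKLIST_SAMPLE = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"svchost.exe","700","Console","0","4,912 K"
"svchost.exe","900","Console","0","6,020 K"
"updater.exe","1764","Console","0","3,104 K"
'''


def parse_netstat(text):
    """Return the TCP rows of `netstat -ano` as dicts; UDP rows have no State column and are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        _proto, local, foreign, state, pid = parts
        remote_ip, _, remote_port = foreign.rpartition(":")
        conns.append({"local": local, "remote_ip": remote_ip,
                      "remote_port": remote_port, "state": state, "pid": int(pid)})
    return conns


def parse_tasklist_csv(text):
    """Map PID -> image name from `tasklist /fo csv` output."""
    return {int(row["PID"]): row["Image Name"] for row in csv.DictReader(io.StringIO(text))}


def find_sweepers(conns, images, threshold=5):
    """Flag (pid, remote port) pairs that touch at least `threshold` distinct remote hosts."""
    hosts = defaultdict(set)
    states = defaultdict(lambda: defaultdict(int))
    for c in conns:
        if c["state"] == "LISTENING":      # inbound listeners are not outbound probes
            continue
        key = (c["pid"], c["remote_port"])
        hosts[key].add(c["remote_ip"])
        states[key][c["state"]] += 1
    findings = []
    for (pid, port), ips in hosts.items():
        if len(ips) >= threshold:
            findings.append({"pid": pid, "image": images.get(pid, "<unknown>"),
                             "remote_port": port, "distinct_hosts": len(ips),
                             "states": dict(states[(pid, port)])})
    findings.sort(key=lambda f: f["distinct_hosts"], reverse=True)
    return findings


if __name__ == "__main__":
    found = find_sweepers(parse_netstat(NETSTAT_SAMPLE), parse_tasklist_csv(TASKLIST_SAMPLE))
    for f in found:
        print(f"PID {f['pid']} ({f['image']}) -> port {f['remote_port']}: "
              f"{f['distinct_hosts']} hosts, states {f['states']}")
```

To use it on a real box, save the two command outputs (`netstat -ano > net.txt` and `tasklist /fo csv > tasks.csv`) and feed the file contents to the two parsers. A run of SYN_SENT entries to consecutive addresses on one port, all owned by one PID, points straight at the process to inspect; a high count on port 3389 or 445 with ESTABLISHED states, by contrast, is more likely ordinary administration traffic.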
ASKER CERTIFIED SOLUTION
ASKER
Thanks for this, it has been a nightmare. I am unsure what a brute force attempt is, but it is something I can take up with the provider. Thank you for your help. I am very new to this, so I need as much to take to the provider as possible.