An attempted Hack from a Backbone?? Uh

  Gaz 25 14:46 09 Feb 2003
Locked

My firewall picked up an IP address that was a hack; it tried 24 times to connect to my PC.

The IP is: 213.99.69.223


I found out that it is registered to ConeXioN Corp. or something. Some of it is private. Coming from Nombres Telecomunications in Spain.
And one odd thing: it is connected with various nodes (backbones in this case), that IP address.

213-99-69-223.uc.nombres.ttd.es is its hostname.

And the backbone is, Santa Clara (I think), CA.

Then I got to find that the nodes on the network were other backbones, all registered under this hacker's 213-99-69-223 IP address.

Can anyone else find anything about it? This is all that my firewall did.

I think whoever it is has a connection illegally to a backbone, can someone help me please?


Thanks

I need to know more about this hacker to do anything, says my ISP, so this is why I am doing this. Can anyone do some traces on it for me? Thanks

  Gaz 25 14:48 09 Feb 2003

.

  VoG™ 14:53 09 Feb 2003

inetnum: 213.99.64.0 - 213.99.127.255
netname: TTDNET
descr: Telefonica De Espana SAU (NCC 2001015139)
descr: Red de servicios IP
descr: Spain
country: ES
admin-c: LJP5-RIPE
tech-c: FLT14-RIPE
rev-srv: scmrro3.nombres.ttd.es
rev-srv: scmrro4.nombres.ttd.es
rev-srv: ns.ripe.net
status: ASSIGNED PA
notify: [email protected]
mnt-by: MAINT-AS3352
changed: [email protected] 20010131
changed: [email protected] 20010208
changed: [email protected] 20011016
changed: [email protected] 20020121
changed: [email protected] 20020530
source: RIPE

route: 213.99.64.0/18
descr: TTDNET (Red de servicios IP)
origin: AS3352
mnt-by: MAINT-AS3352
mnt-routes: MAINT-AS3352
mnt-lower: MAINT-AS3352
changed: [email protected] 20010404
changed: [email protected] 20020118
changed: [email protected] 20020313
source: RIPE

person: L Jimenez
address: TELEFONICA DE ESPANA
address: Emilio Vargas, 4
address: 28043-MADRID
address: SPAIN
phone: +34 91 5846497
fax-no: +34 91 5842650
e-mail: [email protected]
nic-hdl: LJP5-RIPE
remarks: ***************************************************
remarks: For ABUSE/SPAM/INTRUSION issues
remarks: PLEASE CONTACT THROUGH LINK
remarks: click here
remarks: or send mail to [email protected]
remarks: any mail to [email protected] will be ignored
remarks: ***************************************************
notify: [email protected]
changed: [email protected] 20020530
source: RIPE

person: Francisco Lorenzo de Tuero
address: TELEFONICA DE ESPANA
address: Emilio Vargas, 4
address: 28043-MADRID
address: SPAIN
phone: +34 91 5194446
fax-no: +34 91 5846936
remarks: ***************************************************
remarks: For ABUSE/SPAM/INTRUSION issues
remarks: PLEASE CONTACT THROUGH LINK
remarks: click here
remarks: or send mail to [email protected]
remarks: any mail to [email protected] will be ignored
remarks: ***************************************************
e-mail: [email protected]
nic-hdl: FLT14-RIPE
notify: [email protected]
changed: [email protected] 20020225
changed: [email protected] 20020530
source: RIPE

  Gaz 25 15:06 09 Feb 2003

I don't understand this much; can you get deeper into who this is?

Where did I get the backbones from?


Try this other IP: 213.99.69.223

  tulix 15:09 09 Feb 2003

Looked at first 4 lines of that, then you lost me. I will go make a cup of tea lol

  Gaz 25 15:15 09 Feb 2003

Is it an illegal IP and backbone connection?

  VoG™ 15:17 09 Feb 2003

That's the IP address that I searched for using McAfee Visual Trace and the output was as above.

Searching click here

Search results for: 213.99.69.223


OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL

NetRange: 213.0.0.0 - 213.255.255.255
CIDR: 213.0.0.0/8
NetName: RIPE-213
NetHandle: NET-213-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS.RIPE.NET
NameServer: AUTH00.NS.UU.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: MUNNARI.OZ.AU
NameServer: NS.APNIC.NET
NameServer: SVC00.APNIC.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at whois.ripe.net
Comment:
RegDate:
Updated: 2002-09-11

OrgTechHandle: RIPE-NCC-ARIN
OrgTechName: RIPE NCC Hostmaster
OrgTechPhone: +31 20 535 4444
OrgTechEmail: [email protected]

# ARIN WHOIS database, last updated 2003-02-08 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.


Searching click here I get the same as with McAfee.

I don't understand the Backbone thing either.
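
Added example, not part of any poster's reply: the ARIN answer above only says the /8 is delegated to RIPE, while the RIPE `inetnum` and `route` objects are the registrations that actually cover the blocked address. The Python below parses both output styles from constructed, trimmed copies of the records quoted in this thread and picks the most specific covering range; the function names are hypothetical and only IPv4 is handled.

```python
import ipaddress

# Constructed sample: trimmed copies of the ARIN and RIPE answers quoted in this thread.
WHOIS_TEXT = """\
NetRange: 213.0.0.0 - 213.255.255.255
NetName: RIPE-213

inetnum: 213.99.64.0 - 213.99.127.255
netname: TTDNET

route: 213.99.64.0/18
origin: AS3352
"""

def parse_objects(text):
    """Split WHOIS text into blank-line separated objects, keeping repeated keys."""
    objects = []
    for block in text.strip().split("\n\n"):
        obj = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith(("#", "%")):  # skip server comments
                obj.setdefault(key.strip().lower(), []).append(value.strip())
        if obj:
            objects.append(obj)
    return objects

def networks(obj):
    """Networks an object describes: 'a - b' ranges (inetnum/NetRange) or route CIDRs."""
    nets = [ipaddress.ip_network(v) for v in obj.get("route", [])]
    for value in obj.get("inetnum", []) + obj.get("netrange", []):
        first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        nets.extend(ipaddress.summarize_address_range(first, last))
    return nets

def attribute(ip, text):
    """Most specific registered range covering ip, plus the announcing AS if listed."""
    addr, best, origin = ipaddress.ip_address(ip), None, None
    for obj in parse_objects(text):
        for net in (n for n in networks(obj) if addr in n):
            if "origin" in obj:
                origin = obj["origin"][0]  # route object: records who announces it
            elif best is None or net.prefixlen > best[0].prefixlen:
                best = (net, obj)          # keep the longest (most specific) prefix
    if best is None:
        return None
    net, obj = best
    return {"network": str(net), "netname": obj.get("netname", [""])[0], "origin": origin}
```

For the address in this thread the result names the TTDNET /18 rather than the RIPE-213 /8, which is the registration whose abuse contact a report to the ISP would go to.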

  Gaz 25 15:26 09 Feb 2003

If not try a Norton traceroute click here and click on the trace an attack button.

Have to wait a second for Norton to come on but this should come up with the info on backbones. Then do a search on the net for the Conexions corp. thing using Google or any search engine.

See what you make of the backbones on there.

Is it safe to trace route? Does the person on the other side know?

  VoG™ 15:33 09 Feb 2003

Tried that - stopped at Telefonica de Espana.

No mention of backbones.

Sorry, have to go out shortly.

I wouldn't worry - your firewall has stopped it and that's what matters.

  Gaz 25 15:36 09 Feb 2003

They must have a dynamic IP.

  Gaz 25 15:39 09 Feb 2003

Try this now, I think I was stealthed from it though. I think they know I am on to them.

Quick

This thread is now locked and can not be replied to.
