-
August 21st, 2001, 07:30 PM
#1
Why am I contacting DoD? Hack?
My Zone Alarm alert is telling me that it has blocked routed traffic from:
IP 193.3.64.91
inetnum: 193.3.64.0 - 193.3.127.255
netname: POSTNET-DK
descr: Det danske postvaesen
country: DK
admin-c: FL1497-RIPE
tech-c: FL1497-RIPE
status: ASSIGNED PA
mnt-by: RIPE-NCC-NONE-MNT
changed: [email protected] 19921006
changed: [email protected] 19921007
changed: [email protected] 19990706
changed: [email protected] 19990919
source: RIPE
person: Finn Lejstrup
address: P&T informatikenheden
address: DK-1566 K|benhavn V
address: Danmark
phone: +45 33 75 45 06
fax-no: +45 33 75 45 05
nic-hdl: FL1497-RIPE
changed: [email protected], 19921006
changed: [email protected] 19921007
changed: [email protected] 19990615
source: RIPE
TO
11.129.0.0
DoD Intel Information Systems (NET-DODIIS)
Defense Intelligence Agency
Washington, DC 20301
US
Netname: DODIIS
Netblock: 11.0.0.0 - 11.255.255.255
Maintainer: DNIC
Coordinator:
DoD, Network (MIL-HSTMST-ARIN) [email protected]
(703) 676-1051 (800) 365-3642 (FAX) (703) 676-1749
Any idea what this is about?
------------------
ATHLON 750, GA-71XE, 256 SDRAM, 20 GB 7200 Maxtor, 32 MB G400, SB Live, win98se, Centurytel DSL
ATHLON 750, GA-71XE, 512 SDRAM, 80 GB 7200 Seagate, 32 MB Matrox G400, 16X DVD-Rom, 16X CD-RW, Promise 100, SB Live, WinXP Pro SP2, NetGear WGR614, Adaptec DuoConnect, Verizon FiOS 5/2.
-
August 21st, 2001, 07:41 PM
#2
"ONWARD THROUGH THE FOG"
"640K ought to be enough for anybody." - - Bill Gates, 1981
AMAZING TECHS
-
August 21st, 2001, 07:45 PM
#3
Well, I don't really know what that's about (or why traffic from Denmark would go through you -- hint, hint), but you better fix it.
We can hit a sheet of plywood from 2500 miles away if we have to, ya know 
Seriously, that sounds very worm-ish, wouldn't you say?
-
August 21st, 2001, 07:54 PM
#4
Check your system for TROJANS.....
------------------
Keyboard error or no keyboard present
Press F1 to continue
My corner of the world
-
August 21st, 2001, 08:00 PM
#5
Sounds as if your system is compromised and being used for attacks against others, or let's say it looks like someone had plans to do this. Do as ceh stated and do a complete trojan scan...... http://www.tauscan.com
http://www.sans.org/infosecFAQ/malicious/virus_free.htm
------------------
"Onward Through the fog"
VDR SEARCH
Stings Shack™
[This message has been edited by sting (edited 08-21-2001).]
-
August 21st, 2001, 08:19 PM
#6
It's as if someone is trying to access the DoDIIS via my puter, but ZA wouldn't let it.
I have updated NAV and have run regular scans with no virii.
This has been blocked 20 times today. Happens exactly at the same time, on the hour.
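The pattern reported in post #6 (the same blocked source/destination pair recurring on the hour, with the host at neither end) can be checked mechanically. The following is an added example, not part of the original thread: the log format, `LOCAL_IP`, and the noise entries are constructed for illustration and are not ZoneAlarm's own log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

LOCAL_IP = "192.0.2.10"  # assumption: placeholder for the DSL host's own address

def build_sample_log():
    """Constructed log: 20 hourly blocks of the pair from the post, plus noise."""
    start = datetime(2001, 8, 21, 0, 0, 2)
    lines = [f"{start + timedelta(hours=h, seconds=h % 3):%Y-%m-%d %H:%M:%S},"
             "BLOCK,193.3.64.91,11.129.0.0" for h in range(20)]
    for stamp in ("03:17:40", "09:52:11", "10:05:59", "18:44:03"):
        lines.append(f"2001-08-21 {stamp},BLOCK,198.51.100.7,{LOCAL_IP}")
    return sorted(lines)

def parse(lines):
    """Yield (timestamp, src, dst) for every blocked entry."""
    for line in lines:
        ts, action, src, dst = line.strip().split(",")
        if action == "BLOCK":
            yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), src, dst

def find_periodic_transit(lines, min_events=5, jitter=timedelta(seconds=30)):
    """Return {(src, dst): period} for blocked flows that do not involve
    LOCAL_IP and recur at a near-constant interval."""
    seen = defaultdict(list)
    for ts, src, dst in parse(lines):
        if LOCAL_IP not in (src, dst):  # "routed" traffic: host is neither end
            seen[(src, dst)].append(ts)
    findings = {}
    for pair, stamps in seen.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        period = median(gaps)
        # A timer-driven sender produces gaps that barely deviate from the median.
        if all(abs(g - period) <= jitter for g in gaps):
            findings[pair] = period
    return findings

if __name__ == "__main__":
    for (src, dst), period in find_periodic_transit(build_sample_log()).items():
        print(f"{src} -> {dst}: repeats every {period}")
```

A fixed interval points to a timer-driven process somewhere on the path rather than a person, which narrows where to look next.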
-
August 21st, 2001, 08:23 PM
#7
Have you downloaded Tauscan yet? If so, update it also, then run it offline and post back. Most AVs don't catch all trojans!!
-
August 21st, 2001, 08:26 PM
#8
Also, NAV defaults to scan Program Files Only. You might want to set it to scan All Files.
-
August 21st, 2001, 10:58 PM
#9
Tauscan v 1.6 came up clean. Probably nothing serious. ZA is blocking the transfer. I just wonder why I am getting picked on? Always use a Firewall with DSL!
-
August 21st, 2001, 11:05 PM
#10
Hmmm, I'm headed to bed, but you can download startup log and paste your results here; this will show whatever's starting up on your PC when you start it..... Also download port log... run it and post your results here; if anything does look wrong, these good guys at VDR will see it. You can run start log offline, but run port log while you're online. All is found here.....
http://home.earthlink.net/~rmbox/Reticulated/Toys.html