doees anyone know what this is?
NMAP XMAS SCAN

*bump* maybe its not important it mentions my name is it saying im high risk? downloadin and sharing on shareaza thats all running and i turn monitor on 2 get this high risk .got home bout 2hrs ago now?

someone is scanning ur pc...nothing serious since if ur running a firewall

Originally posted by Catracho@30 October 2003 - 05:39
someone is scanning ur pc...nothing serious since if ur running a firewall
someone like riaa or uk people? thx they can get us now u know.

Originally posted by wormless+30 October 2003 - 06:40--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (wormless @ 30 October 2003 - 06:40)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-Catracho@30 October 2003 - 05:39
someone is scanning ur pc...nothing serious since if ur running a firewall
someone like riaa or uk people? thx they can get us now u know. [/b][/quote]
nah riaa uk people cannt afford to do a scan like that since it&#39;s illegal to scan any ip address. If they did it they would have to break the law not that they dont anyways <_<

This event indicates that an intruder is scanning your computer for available TCP services by sending "Xmas-tree" packets. These packets have the a sequence number of zero and the FIN, URG, and PUSH flags set. This packet should never be seen in normal TCP operation.

Originally posted by Catracho+30 October 2003 - 05:45--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Catracho @ 30 October 2003 - 05:45)</td></tr><tr><td id='QUOTE'>
Originally posted by wormless@30 October 2003 - 06:40
<!--QuoteBegin-Catracho@30 October 2003 - 05:39
someone is scanning ur pc...nothing serious since if ur running a firewall
someone like riaa or uk people? thx they can get us now u know.
nah riaa uk people cannt afford to do a scan like that since it&#39;s illegal to scan any ip address. If they did it they would have to break the law not that they dont anyways <_<

This event indicates that an intruder is scanning your computer for available TCP services by sending "Xmas-tree" packets. These packets have the a sequence number of zero and the FIN, URG, and PUSH flags set. This packet should never be seen in normal TCP operation. [/b][/quote]
we can get done in uk now 4 sharing and downloading. i aint scared nortons protecting at moment. see if the trsckers working now wasnt when i clicked on it earlier.

where did u get the info from please?

sorry about not posting the source...i really think it&#39;s nothing to worry about.

here is the source: http://www.digitaltrust.it/arachnids/IDS30/event.html

Originally posted by Catracho@30 October 2003 - 05:58
sorry about not posting the source...i really think it&#39;s nothing to worry about.

here is the source: http://www.digitaltrust.it/arachnids/IDS30/event.html
ok thankyou. norton stopped them then and said it was high risk. thx for your hep much appriechiated (spelling)

someone is snorting ur pc. disconnect from interent, run av. review logs, post or pm me with some suspecious results (don&#39;t post ur ip). it&#39;s possible to be either a "backdoor attack" or "ddos attack"

Originally posted by nikita69@30 October 2003 - 06:03
someone is snorting ur pc. disconnect from interent, run av. review logs, post or pm me with some suspecious results (don&#39;t post ur ip). it&#39;s possible to be either a "backdoor attack" or "ddos attack"
done the tracker and it came up with a college in us it questions location so its not sure

wormless update:- her pc is now unplugged from the network and norton is currently scanning, I dont understand how something manages to get through, my pc(this one) acts as the server for the house network, it has the same norton internet security 2003 running, I also have the windows xp firewall running, I know the windows one is probably not that good but I see it as a little bit of extra protection, so how would something just go straight past my pc and get to her pc, wouldn&#39;t my firewall detect something? also wouldn&#39;t we both be attacked as we are on the same ip address? :unsure:

@wormless & k-liteuserintheworld - are u both on the same IP, the same PC or neither?
@wormless - if that college ip is the suspecious act, then they have been snorting ur pc. If u have another pc, download the latest updates of ur firewall & AV on a disk. install them to ur pc then run av on all hd.
@k-liteuserintheworld - u could be infected too if it&#39;s a diff pc on the same network. many people follow the step-by-step guide of setting up the network, yet fail to complete the security steps (policies, rules, user limitation or removal, etc...)

I&#39;m not a miracle worker, yet a bit more detailed info would help, such as packet info, actions taken by snort, what were u doing before and after, etc....

Originally posted by nikita69@30 October 2003 - 07:49
@wormless & k-liteuserintheworld - are u both on the same IP, the same PC or neither?
@wormless - if that college ip is the suspecious act, then they have been snorting ur pc. If u have another pc, download the latest updates of ur firewall & AV on a disk. install them to ur pc then run av on all hd.
@k-liteuserintheworld - u could be infected too if it&#39;s a diff pc on the same network. many people follow the step-by-step guide of setting up the network, yet fail to complete the security steps (policies, rules, user limitation or removal, etc...)

I&#39;m not a miracle worker, yet a bit more detailed info would help, such as packet info, actions taken by snort, what were u doing before and after, etc....
ive scanned mine offline and its cleared of viros e.t.c.

which log file is it?
we have 5pcs on 1 network.
norton is up-to-date with latest definitions. 29/10/03 last update.

nortons tracker as i didnt post details. the college was:

org name: ithuca
org id: ithaca
address: s&dp, philliph hall
city: ithaca
state provence: NY
location --- where its found it has a ? it thinks syracuse.

i left pc runnin while i was at work it was only using shareaza so it cud be someone from there.as it shows ips.

8hrs 15mins later we come home and i turn monitor on and i see nortons red alert. show details yes but the tracker again wasnt working. 2hrs later i check tracker and see college. before work i was on this k-lite board and thats it. msn loaded up and i shut it down.

what i think happened is this snort, if it did really happen, it disable/flooded norton av, then went about it&#39;s other steps.

do u have a fw installed? i prefer sygate, yet have a cisco hardware firewall on my main pc and in transition to convert the whole network to it (A LOT MORE PROTECTION than software) if u have fw installed, then paste the suspected ip&#39;s packets.

run av on all every pc in the network.
l

Originally posted by nikita69@30 October 2003 - 08:23
what i think happened is this snort, if it did really happen, it disable/flooded norton av, then went about it&#39;s other steps.

do u have a fw installed? i prefer sygate, yet have a cisco hardware firewall on my main pc and in transition to convert the whole network to it (A LOT MORE PROTECTION than software) if u have fw installed, then paste the suspected ip&#39;s packets.

run av on all every pc in the network.
l
the tracker doesnt always load up though.
ive had this b4 and so has my bf. i think i should have zonealarm running whilst out too. yes we have firewalls on all pcs norton. my bf has 2 firewalls on his. each pc had norton instaled on them 2003 waiting 4 2oo4 upgrade to come out

i just wanna be clear about couple of points:
1. have u disconnected the internet on all PCs and ran the AV on all? if not do so now
2. does each pc have it&#39;s own fw?

Originally posted by nikita69@30 October 2003 - 08:39
i just wanna be clear about couple of points:
1. have u disconnected the internet on all PCs and ran the AV on all? if not do so now
2. does each pc have it&#39;s own fw?
all the 5pcs has its own fw as stated in other msg. my pc is the only one been scanned i will do the others now

ok, let me know when ur ready and post any unusual results from AV. i may or may not be here by the time ur done, yet i&#39;ll check again. :)

Originally posted by nikita69@30 October 2003 - 08:45
ok, let me know when ur ready and post any unusual results from AV. i may or may not be here by the time ur done, yet i&#39;ll check again. :)
i&#39;ll do it later going bed now ok :) thx for your help aswell&#33; bbl