willisharps
Hello,
Getting connection attempts from someone pretending to be
a Microsoft update.
- Bright minds wasted on hacking.
Here is my connection log.
File Version : 5.1.2600.0 (xpclient.010817-1148)
File Description : Generic Host Process for Win32
Services (svchost.exe)
File Path : C:\WINDOWS\system32\svchost.exe
Process ID : 0x5A4 (Heximal) 1444 (Decimal)
Connection origin : remote initiated
Protocol : UDP
Local Address : 24.30.191.253
Local Port : 1029
Remote Name :
Remote Address : 206.255.15.20
Remote Port : 12576
Ethernet packet details:
Ethernet II (Packet Length: 851)
Destination: 00-40-2b-70-9f-db
Source: 00-03-6c-4a-18-a8
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 112
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0xa349 (Correct)
Source: 206.255.15.20
Destination: 24.30.191.253
User Datagram Protocol
Source port: 12576
Destination port: 1029
Length: 8
Checksum: 0x0 (Correct)
Data (817 Bytes)
Binary dump of the packet:
0000: 00 40 2B 70 9F DB 00 03 : 6C 4A 18 A8 08 00 45 00
| .@+p....lJ....E.
0010: 03 45 47 D6 00 00 70 11 : 49 A3 CE FF 0F 14 18 1E
| .EG...p.I.......
0020: BF FD 31 20 04 05 03 31 : 00 00 04 00 28 00 10 00
| ..1 ...1....(...
0030: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00
| ................
0040: 00 00 F8 91 7B 5A 00 FF : D0 11 A9 B2 00 C0 4F B6
| ....{Z........O.
0050: E6 FC CC 43 77 C7 C1 67 : 9D E9 73 5B 18 10 7D E2
| ...Cw..g..s[..}.
0060: FA 5B 00 00 00 00 01 00 : 00 00 00 00 00 00 00 00
| .[..............
0070: FF FF FF FF D9 02 00 00 : 00 00 13 00 00 00 00 00
| ................
0080: 00 00 13 00 00 00 4D 49 : 43 52 4F 53 4F 46 54 20
| ......MICROSOFT
0090: 4E 45 54 57 4F 52 4B 53 : 00 00 13 00 00 00 00 00
| NETWORKS........
00A0: 00 00 13 00 00 00 57 49 : 4E 44 4F 57 53 20 55 53
| ......WINDOWS US
00B0: 45 52 00 00 00 00 00 00 : 00 00 8D 02 00 00 00 00
| ER..............
00C0: 00 00 8D 02 00 00 4D 69 : 63 72 6F 73 6F 66 74 20
| ......Microsoft
00D0: 53 65 63 75 72 69 74 79 : 20 42 75 6C 6C 65 74 69
| Security Bulleti
00E0: 6E 20 4D 53 30 33 2D 30 : 34 33 0D 0A 0D 0A 42 75
| n MS03-043....Bu
00F0: 66 66 65 72 20 4F 76 65 : 72 72 75 6E 20 69 6E 20
| ffer Overrun in
0100: 4D 65 73 73 65 6E 67 65 : 72 20 53 65 72 76 69 63
| Messenger Servic
0110: 65 20 43 6F 75 6C 64 20 : 41 6C 6C 6F 77 20 43 6F
| e Could Allow Co
0120: 64 65 20 45 78 65 63 75 : 74 69 6F 6E 20 28 38 32
| de Execution (82
0130: 38 30 33 35 29 0D 0A 0D : 0A 41 66 66 65 63 74 65
| 8035)....Affecte
0140: 64 20 53 6F 66 74 77 61 : 72 65 3A 20 0D 0A 0D 0A
| d Software: ....
0150: 4D 69 63 72 6F 73 6F 66 : 74 20 57 69 6E 64 6F 77
| Microsoft Window
0160: 73 20 4E 54 20 57 6F 72 : 6B 73 74 61 74 69 6F 6E
| s NT Workstation
0170: 20 0D 0A 4D 69 63 72 6F : 73 6F 66 74 20 57 69 6E
| ..Microsoft Win
0180: 64 6F 77 73 20 4E 54 20 : 53 65 72 76 65 72 20 34
| dows NT Server 4
0190: 2E 30 20 0D 0A 4D 69 63 : 72 6F 73 6F 66 74 20 57
| .0 ..Microsoft W
01A0: 69 6E 64 6F 77 73 20 32 : 30 30 30 20 20 20 0D 0A
| indows 2000 ..
01B0: 4D 69 63 72 6F 73 6F 66 : 74 20 57 69 6E 64 6F 77
| Microsoft Window
01C0: 73 20 58 50 20 20 0D 0A : 4D 69 63 72 6F 73 6F 66
| s XP ..Microsof
01D0: 74 20 57 69 6E 64 6F 77 : 73 20 57 69 6E 39 38 20
| t Windows Win98
01E0: 20 20 0D 0A 4D 69 63 72 : 6F 73 6F 66 74 20 57 69
| ..Microsoft Wi
01F0: 6E 64 6F 77 73 20 53 65 : 72 76 65 72 20 32 30 30
| ndows Server 200
0200: 33 0D 0A 0D 0A 4E 6F 6E : 20 41 66 66 65 63 74 65
| 3....Non Affecte
0210: 64 20 53 6F 66 74 77 61 : 72 65 3A 20 0D 0A 0D 0A
| d Software: ....
0220: 4D 69 63 72 6F 73 6F 66 : 74 20 57 69 6E 64 6F 77
| Microsoft Window
0230: 73 20 4D 69 6C 6C 65 6E : 6E 69 75 6D 20 45 64 69
| s Millennium Edi
0240: 74 69 6F 6E 0D 0A 0D 0A : 59 6F 75 72 20 73 79 73
| tion....Your sys
0250: 74 65 6D 20 69 73 20 61 : 66 66 65 63 74 65 64 2C
| tem is affected,
0260: 20 64 6F 77 6E 6C 6F 61 : 64 20 74 68 65 20 70 61
| download the pa
0270: 74 63 68 20 66 72 6F 6D : 20 74 68 65 20 61 64 64
| tch from the add
0280: 72 65 73 73 20 62 65 6C : 6F 77 20 21 20 0D 0A 46
| ress below ! ..F
0290: 49 52 53 54 20 54 59 50 : 45 20 54 48 45 20 41 44
| IRST TYPE THE AD
02A0: 44 52 45 53 53 20 42 45 : 4C 4F 57 20 49 4E 54 4F
| DRESS BELOW INTO
02B0: 20 59 4F 55 52 20 49 4E : 54 45 52 4E 45 54 20 42
| YOUR INTERNET B
02C0: 52 4F 57 53 45 52 2C 20 : 54 48 45 4E 20 43 4C 49
| ROWSER, THEN CLI
02D0: 43 4B 20 27 4F 4B 27 2E : 0D 0A 54 48 45 20 41 44
| CK 'OK'...THE AD
02E0: 44 52 45 53 53 20 57 49 : 4C 4C 20 44 49 53 41 50
| DRESS WILL DISAP
02F0: 50 45 41 52 20 4F 4E 43 : 45 20 59 4F 55 20 48 49
| PEAR ONCE YOU HI
0300: 54 20 27 4F 4B 27 2E 0D : 0A 0D 0A 20 20 20 20 20
| T 'OK'.....
0310: 20 20 20 20 20 20 20 20 : 20 20 20 20 20 20 20 20
|
0320: 20 20 20 20 20 20 20 20 : 20 20 20 20 20 20 20 20
|
0330: 20 20 20 20 20 20 20 20 : 20 20 20 77 77 77 2E 77
| www.w
0340: 69 6E 64 6F 77 73 70 61 : 74 63 68 2E 69 6E 66 6F
| indowspatch.info
0350: 0D 0A 00 :
| ...